{"savedObjectId":"a680c3e0-d027-11ea-806c-5bbe39e9e057","version":"WzI2NjM3LDFd","columns":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"message"},{"columnHeaderType":"not-filtered","id":"event.category"},{"columnHeaderType":"not-filtered","id":"event.action"},{"columnHeaderType":"not-filtered","id":"host.name"},{"columnHeaderType":"not-filtered","id":"source.ip"},{"columnHeaderType":"not-filtered","id":"destination.ip"},{"columnHeaderType":"not-filtered","id":"user.name"}],"dataProviders":[{"excluded":false,"and":[],"kqlQuery":"","name":"","queryMatch":{"field":"host.hostname","value":"","operator":":*"},"id":"timeline-1-fff454a6-2b9a-4209-a6e8-48e76add32a4","type":"default","enabled":true}],"description":"more testing","eventType":"all","filters":[],"kqlMode":"filter","timelineType":"template","kqlQuery":{"filterQuery":null},"title":"Mike Test 4","sort":{"columnId":"@timestamp","sortDirection":"desc"},"templateTimelineId":"439614a7-4b77-40d3-a615-642ddd2540e7","templateTimelineVersion":1,"created":1595867930395,"createdBy":"elastic","updated":1595867960971,"updatedBy":"elastic","dateRange":{"start":"2020-04-29T11:50:20.848Z","end":"2020-04-29T12:11:20.848Z"},"savedQueryId":null,"eventNotes":[],"globalNotes":[],"pinnedEventIds":[]} 
{"savedObjectId":"65eaf3a0-d027-11ea-806c-5bbe39e9e057","version":"WzI2NjEwLDFd","columns":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"message"},{"columnHeaderType":"not-filtered","id":"event.category"},{"columnHeaderType":"not-filtered","id":"event.action"},{"columnHeaderType":"not-filtered","id":"host.name"},{"columnHeaderType":"not-filtered","id":"source.ip"},{"columnHeaderType":"not-filtered","id":"destination.ip"},{"columnHeaderType":"not-filtered","id":"user.name"}],"dataProviders":[{"excluded":false,"and":[],"kqlQuery":"","name":"{agent.name}","queryMatch":{"field":"agent.name","value":"{agent.name}","operator":":"},"id":"timeline-1-c956f88f-8d4c-4532-bb54-8877e92abe8c","type":"template","enabled":true}],"description":"Testing","eventType":"all","filters":[],"kqlMode":"filter","timelineType":"template","kqlQuery":{"filterQuery":null},"title":"Mike Test 3","sort":{"columnId":"@timestamp","sortDirection":"desc"},"templateTimelineId":"c95f74e5-152d-4362-97c2-193c060092a6","templateTimelineVersion":1,"created":1595867822039,"createdBy":"elastic","updated":1595867837683,"updatedBy":"elastic","dateRange":{"start":"2020-04-29T11:50:20.848Z","end":"2020-04-29T12:11:20.848Z"},"savedQueryId":null,"eventNotes":[],"globalNotes":[],"pinnedEventIds":[]} 
{"savedObjectId":"2b726280-d027-11ea-806c-5bbe39e9e057","version":"WzI2NjAwLDFd","columns":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"message"},{"columnHeaderType":"not-filtered","id":"event.category"},{"columnHeaderType":"not-filtered","id":"event.action"},{"columnHeaderType":"not-filtered","id":"host.name"},{"columnHeaderType":"not-filtered","id":"source.ip"},{"columnHeaderType":"not-filtered","id":"destination.ip"},{"columnHeaderType":"not-filtered","id":"user.name"}],"dataProviders":[{"excluded":false,"and":[{"excluded":false,"kqlQuery":"","name":"{host.name}","queryMatch":{"field":"host.name","value":"{host.name}","operator":":"},"id":"timeline-1-50c34103-ef3e-41d8-b0c4-d4dcd3e8b1bc","type":"template","enabled":true}],"kqlQuery":"","name":"{event.kind}","queryMatch":{"field":"event.kind","value":"{event.kind}","operator":":"},"id":"timeline-1-bdfa174e-561d-47fe-afbd-294d5c7e78a3","type":"template","enabled":true}],"description":"","eventType":"all","filters":[],"kqlMode":"filter","timelineType":"template","kqlQuery":{"filterQuery":null},"title":"Mike Test 2","sort":{"columnId":"@timestamp","sortDirection":"desc"},"templateTimelineId":"9ca1c452-50c9-49ad-a590-daa39ba3f9da","templateTimelineVersion":1,"created":1595867723940,"createdBy":"elastic","updated":1595867775657,"updatedBy":"elastic","dateRange":{"start":"2020-04-29T11:50:20.848Z","end":"2020-04-29T12:11:20.848Z"},"savedQueryId":null,"eventNotes":[],"globalNotes":[],"pinnedEventIds":[]} 
{"savedObjectId":"170a51d0-d01e-11ea-806c-5bbe39e9e057","version":"WzI2MjI0LDFd","columns":[{"columnHeaderType":"not-filtered","indexes":null,"id":"@timestamp","name":null,"searchable":null},{"columnHeaderType":"not-filtered","indexes":null,"id":"signal.rule.description","name":null,"searchable":null},{"columnHeaderType":"not-filtered","indexes":null,"id":"event.action","name":null,"searchable":null},{"columnHeaderType":"not-filtered","indexes":null,"id":"process.name","name":null,"searchable":null},{"aggregatable":true,"category":"process","columnHeaderType":"not-filtered","description":"The working directory of the process.","example":"/home/alice","indexes":null,"id":"process.working_directory","name":null,"searchable":null,"type":"string"},{"aggregatable":true,"category":"process","columnHeaderType":"not-filtered","description":"Array of process arguments, starting with the absolute path to\nthe executable.\n\nMay be filtered to protect sensitive information.","example":"[\"/usr/bin/ssh\",\"-l\",\"user\",\"10.0.0.16\"]","indexes":null,"id":"process.args","name":null,"searchable":null,"type":"string"},{"columnHeaderType":"not-filtered","indexes":null,"id":"process.pid","name":null,"searchable":null},{"aggregatable":true,"category":"process","columnHeaderType":"not-filtered","description":"Absolute path to the process executable.","example":"/usr/bin/ssh","indexes":null,"id":"process.parent.executable","name":null,"searchable":null,"type":"string"},{"aggregatable":true,"category":"process","columnHeaderType":"not-filtered","description":"Array of process arguments.\n\nMay be filtered to protect sensitive information.","example":"[\"ssh\",\"-l\",\"user\",\"10.0.0.16\"]","indexes":null,"id":"process.parent.args","name":null,"searchable":null,"type":"string"},{"aggregatable":true,"category":"process","columnHeaderType":"not-filtered","description":"Process id.","example":"4242","indexes":null,"id":"process.parent.pid","name":null,"searchable":null,"type":"number"},{"aggregatable":true,"category":"user","columnHeaderType":"not-filtered","description":"Short name or login of the user.","example":"albert","indexes":null,"id":"user.name","name":null,"searchable":null,"type":"string"},{"aggregatable":true,"category":"host","columnHeaderType":"not-filtered","description":"Name of the host.\n\nIt can contain what `hostname` returns on Unix systems, the fully qualified\ndomain name, or a name specified by the user. The sender decides which value\nto use.","indexes":null,"id":"host.name","name":null,"searchable":null,"type":"string"}],"dataProviders":[{"id":"timeline-1-8622010a-61fb-490d-b162-beac9c36a853","name":"{process.name}","enabled":true,"excluded":false,"kqlQuery":"","type":"template","queryMatch":{"field":"process.name","displayField":null,"value":"{process.name}","displayValue":null,"operator":":"},"and":[]},{"id":"timeline-1-4685da24-35c1-43f3-892d-1f926dbf5568","name":"{event.type}","enabled":true,"excluded":false,"kqlQuery":"","type":"template","queryMatch":{"field":"event.type","displayField":null,"value":"{event.type}","displayValue":null,"operator":":*"},"and":[]}],"description":"","eventType":"all","filters":[],"kqlMode":"filter","kqlQuery":{"filterQuery":{"kuery":{"kind":"kuery","expression":""},"serializedQuery":""}},"title":"Generic Process Timeline - Duplicate","timelineType":"template","templateTimelineVersion":1,"templateTimelineId":"225d8590-f583-4528-aba4-eaf7abca7b2d","dateRange":{"start":"2020-04-29T11:50:20.848Z","end":"2020-04-29T12:11:20.848Z"},"savedQueryId":null,"sort":{"columnId":"@timestamp","sortDirection":"desc"},"created":1595863824232,"createdBy":"elastic","updated":1595863824232,"updatedBy":"elastic","eventNotes":[],"globalNotes":[],"pinnedEventIds":[]}
{"savedObjectId":"9b13bbb0-d00f-11ea-806c-5bbe39e9e057","version":"WzI1NjgxLDFd","columns":[{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"@timestamp","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"message","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"event.category","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"event.action","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"host.name","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"source.ip","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"destination.ip","searchable":null},{"indexes":null,"name":null,"columnHeaderType":"not-filtered","id":"user.name","searchable":null}],"dataProviders":[{"excluded":false,"and":[{"excluded":false,"kqlQuery":"","name":"{agent.type}","queryMatch":{"displayValue":null,"field":"agent.type","displayField":null,"value":"{agent.type}","operator":":"},"id":"timeline-1-a88d46b0-1826-43c2-b8df-280d739aeb74","type":"template","enabled":true}],"kqlQuery":"","name":"{event.kind}","queryMatch":{"displayValue":null,"field":"event.kind","displayField":null,"value":"{event.kind}","operator":":"},"id":"timeline-1-c6ce467b-703e-4e31-b977-a7ecf6b64439","type":"template","enabled":true}],"description":"Template to test bug fix","eventType":"all","filters":[],"kqlMode":"filter","timelineType":"template","kqlQuery":{"filterQuery":null},"title":"Mike Test 1","sort":{"columnId":"@timestamp","sortDirection":"desc"},"templateTimelineId":"34e82e66-c35e-435b-97e6-31476a099b42","templateTimelineVersion":1,"created":1595857603303,"createdBy":"elastic","updated":1595858275935,"updatedBy":"elastic","dateRange":{"start":"2020-07-27T11:39:19.962Z","end":"2020-07-27T11:45:19.962Z"},"savedQueryId":null,"eventNotes":[],"globalNotes":[],"pinnedEventIds":[]}