{ "detections-page": { "id": "detections-page", "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp", "type": "number", "initialWidth": 190 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.", "example": "666777888999", "id": "cloud.account.id", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "id": "cloud.account.name", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Availability zone in which this host is running.", "example": "us-east-1c", "id": "cloud.availability_zone", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Instance ID of the host machine.", "example": "i-1234567890abcdef0", "id": "cloud.instance.id", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Instance name of the host machine.", "id": "cloud.instance.name", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Machine type of the host machine.", "example": "t2.medium", "id": "cloud.machine.type", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Name of the project in Google Cloud.", "example": "project-x", "id": "cloud.project.id", "type": "string", "aggregatable": true, "initialWidth": 180 },
{ "category": "cloud", "columnHeaderType": "not-filtered", "id": "cloud.project.name", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.", "example": "aws", "id": "cloud.provider", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "description": "Region in which this host is running.", "example": "us-east-1", "id": "cloud.region", "type": "string", "aggregatable": true, "initialWidth": 180 }, { "category": "cloud", "columnHeaderType": "not-filtered", "id": "cloud.service.name", "type": "string", "aggregatable": true, "initialWidth": 180 } ], "defaultColumns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp", "initialWidth": 200 }, { "columnHeaderType": "not-filtered", "displayAsText": "Rule", "id": "signal.rule.name", "initialWidth": 180, "linkField": "signal.rule.id" }, { "columnHeaderType": "not-filtered", "displayAsText": "Severity", "id": "signal.rule.severity", "initialWidth": 105 }, { "columnHeaderType": "not-filtered", "displayAsText": "Risk Score", "id": "signal.rule.risk_score", "initialWidth": 100 }, { "columnHeaderType": "not-filtered", "displayAsText": "Reason", "id": "signal.reason", "initialWidth": 450 }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "user.name" }, { "columnHeaderType": "not-filtered", "id": "process.name" }, { "columnHeaderType": "not-filtered", "id": "file.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" } ], "dateRange": { "start": "2021-09-08T18:30:00.000Z", "end": "2021-09-09T18:29:59.999Z" }, "deletedEventIds": [ ], 
"excludedRowRendererIds": [ "alerts", "auditd", "auditd_file", "library", "netflow", "plain", "registry", "suricata", "system", "system_dns", "system_endgame_process", "system_file", "system_fim", "system_security_event", "system_socket", "threat_match", "zeek" ], "expandedDetail": { }, "filters": [ ], "kqlQuery": { "filterQuery": null }, "indexNames": [ ".siem-signals-default" ], "isSelectAllChecked": false, "itemsPerPage": 25, "itemsPerPageOptions": [ 10, 25, 50, 100 ], "loadingEventIds": [ ], "selectedEventIds": { }, "showCheckboxes": true, "sort": [ { "columnId": "@timestamp", "columnType": "date", "sortDirection": "desc" } ], "savedObjectId": null, "version": null, "footerText": "alerts", "title": "", "activeTab": "query", "prevActiveTab": "query", "dataProviders": [ ], "description": "", "eqlOptions": { "eventCategoryField": "event.category", "tiebreakerField": "", "timestampField": "@timestamp", "query": "", "size": 100 }, "eventType": "all", "eventIdToNoteIds": { }, "highlightedDropAndProviderId": "", "historyIds": [ ], "isFavorite": false, "isLive": false, "isSaving": false, "kqlMode": "filter", "timelineType": "default", "templateTimelineId": null, "templateTimelineVersion": null, "noteIds": [ ], "pinnedEventIds": { }, "pinnedEventsSaveObject": { }, "show": false, "status": "draft", "initialized": true, "updated": 1631167643611 } }