diff --git a/resources/dashboards/File-Reconstruction-Dashboard.json b/resources/dashboards/File-Reconstruction-Dashboard.json
index f583907331091..3833babd9d127 100644
--- a/resources/dashboards/File-Reconstruction-Dashboard.json
+++ b/resources/dashboards/File-Reconstruction-Dashboard.json
@@ -2,10 +2,10 @@
 "title": "File Reconstruction Dashboard",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"id\":\"Top-10-Attachment-Types-(bar-graph)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1},{\"id\":\"Top-10-Attachment-Names\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":1},{\"id\":\"Top-10-Senders-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":1},{\"id\":\"Top-10-Receivers-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":5},{\"id\":\"Sessions-With-Attachments-(line-graph)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":5},{\"id\":\"Top-10-Attachment-Types-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":5},{\"id\":\"Attachment-Table\",\"type\":\"search\",\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":9,\"columns\":[\"Attach\",\"SenderEmail\",\"ReceiverEmail\",\"Filename\",\"AttachSize\",\"AttachType\"],\"sort\":[\"TimeUpdated\",\"desc\"]}]",
- "version": 1,
+ "panelsJSON": "[{\"id\":\"Top-10-Attachment-Types-(bar-graph)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1},{\"id\":\"Top-10-Attachment-Names\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":1},{\"id\":\"Top-10-Senders-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":1},{\"id\":\"Top-10-Receivers-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":5},{\"id\":\"Top-10-Attachment-Types-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":5},{\"id\":\"Attachment-Table\",\"type\":\"search\",\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":9,\"columns\":[\"Attach\",\"SenderEmail\",\"ReceiverEmail\",\"Filename\",\"AttachSize\",\"AttachType\"],\"sort\":[\"TimeUpdated\",\"desc\"]},{\"id\":\"Sessions-Over-Time\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":5}]",
+ "version": 2,
 "timeRestore": false,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+ "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"[network_]YYYY_MM_DD\",\"key\":\"Attach\",\"value\":\"true\",\"disabled\":false},\"query\":{\"match\":{\"Attach\":{\"query\":true,\"type\":\"phrase\"}}}},{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
 }
 }
\ No newline at end of file
diff --git a/resources/dashboards/SMTP-Trends-Dashboard.json b/resources/dashboards/SMTP-Trends-Dashboard.json
index 314ca361c89c1..a80170066fd3b 100644
--- a/resources/dashboards/SMTP-Trends-Dashboard.json
+++ b/resources/dashboards/SMTP-Trends-Dashboard.json
@@ -2,10 +2,10 @@
 "title": "SMTP Trends Dashboard",
 "hits": 0,
 "description": "",
- "panelsJSON": "[{\"id\":\"Top-10-Email-Senders\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":1},{\"id\":\"Top-10-Email-Subjects\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":4},{\"id\":\"Top-10-Email-Sender-Domains\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":4},{\"id\":\"SMTP-Sessions-Over-Time\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":1},{\"id\":\"SMTP-Table\",\"type\":\"search\",\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":7,\"columns\":[\"Attach\",\"SenderEmail\",\"ReceiverEmail\",\"Subject\",\"TotalBytes\"],\"sort\":[\"TimeUpdated\",\"desc\"]},{\"id\":\"Top-10-Attachment-Types-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":1}]",
- "version": 1,
+ "panelsJSON": "[{\"id\":\"Top-10-Email-Senders\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":1},{\"id\":\"Top-10-Email-Subjects\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":4},{\"id\":\"Top-10-Email-Sender-Domains\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":4},{\"id\":\"SMTP-Table\",\"type\":\"search\",\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":7,\"columns\":[\"Attach\",\"SenderEmail\",\"ReceiverEmail\",\"Subject\",\"TotalBytes\"],\"sort\":[\"TimeUpdated\",\"desc\"]},{\"id\":\"Top-10-Attachment-Types-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":1},{\"id\":\"Sessions-Over-Time\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":1}]",
+ "version": 2,
 "timeRestore": false,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+ "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"[network_]YYYY_MM_DD\",\"key\":\"Application\",\"value\":\"smtp\",\"disabled\":false},\"query\":{\"match\":{\"Application\":{\"query\":\"smtp\",\"type\":\"phrase\"}}}},{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
 }
 }
\ No newline at end of file
diff --git a/resources/searches/Attachment-Table.json b/resources/searches/Attachment-Table.json
index f43927c25b6d3..02664fb382d9a 100644
--- a/resources/searches/Attachment-Table.json
+++ b/resources/searches/Attachment-Table.json
@@ -14,8 +14,8 @@
 "TimeUpdated",
 "desc"
 ],
- "version": 1,
+ "version": 2,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[],\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}}}"
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"[network_]YYYY_MM_DD\",\"key\":\"Attach\",\"value\":\"true\",\"disabled\":false},\"query\":{\"match\":{\"Attach\":{\"query\":true,\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"
 }
 }
\ No newline at end of file
diff --git a/resources/searches/SMTP-Table.json b/resources/searches/SMTP-Table.json
index fe3c9db609786..74d556ca4a890 100644
--- a/resources/searches/SMTP-Table.json
+++ b/resources/searches/SMTP-Table.json
@@ -13,8 +13,8 @@
 "TimeUpdated",
 "desc"
 ],
- "version": 1,
+ "version": 2,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[],\"query\":{\"query_string\":{\"query\":\"Application:smtp\",\"analyze_wildcard\":true}}}"
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"[network_]YYYY_MM_DD\",\"key\":\"Application\",\"value\":\"smtp\",\"disabled\":false},\"query\":{\"match\":{\"Application\":{\"query\":\"smtp\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"
 }
 }
\ No newline at end of file
diff --git a/resources/visualizations/SMTP-Sessions-Over-Time.json b/resources/visualizations/Sessions-Over-Time.json
similarity index 83%
rename from resources/visualizations/SMTP-Sessions-Over-Time.json
rename to resources/visualizations/Sessions-Over-Time.json
index bd10be47a04f6..7b8f71a514e17 100644
--- a/resources/visualizations/SMTP-Sessions-Over-Time.json
+++ b/resources/visualizations/Sessions-Over-Time.json
@@ -1,9 +1,9 @@
 {
- "title": "SMTP Sessions Over Time",
+ "title": "Sessions Over Time",
 "visState": "{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
 "description": "",
- "version": 1,
+ "version": 2,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Application:smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
 }
\ No newline at end of file
diff --git a/resources/visualizations/Sessions-With-Attachments-(line-graph).json b/resources/visualizations/Sessions-With-Attachments-(line-graph).json
deleted file mode 100644
index 3e767776734cf..0000000000000
--- a/resources/visualizations/Sessions-With-Attachments-(line-graph).json
+++ /dev/null
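Review bot: With the query widened from `Application:smtp` to `*`, this visualization counts every document in `[network_]YYYY_MM_DD`, and what "Sessions Over Time" means now depends entirely on the filter of whichever dashboard embeds it (this commit places it on both dashboards), yet `description` stays `""`. Suggest `"description": "Session count over TimeUpdated for all documents; scope it with a dashboard-level filter (Application, Attach, ...)."` so that someone opening the saved object on its own understands why it is unfiltered. The same switch to `*` with the same empty description is made in Top-10-Attachment-Types-By-Count.json, Top-10-Receivers-By-Count.json and Top-10-Senders-By-Count.json; their descriptions should name the dashboard filter they expect, since their titles still read as attachment-specific.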
@@ -1,9 +0,0 @@
-{
- "title": "Sessions With Attachments (line graph)",
- "visState": "{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}},\"filter\":[]}"
- }
-}
diff --git a/resources/visualizations/Top-10-Attachment-Types-(bar-graph).json b/resources/visualizations/Top-10-Attachment-Types-(bar-graph).json
index 6462ce07cf152..840e13ffd990b 100644
--- a/resources/visualizations/Top-10-Attachment-Types-(bar-graph).json
+++ b/resources/visualizations/Top-10-Attachment-Types-(bar-graph).json
@@ -1,9 +1,9 @@
 {
- "title": "Top 10 Attachment Types (bar graph)",
- "visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"AttachSize\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"AttachType.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}},\"filter\":[]}"
- }
+ "title": "Top 10 Attachment Types (bar graph)",
+ "visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"AttachSize\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"AttachType.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
+ "description": "",
+ "version": 2,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
 }
diff --git a/resources/visualizations/Top-10-Attachment-Types-By-Count.json b/resources/visualizations/Top-10-Attachment-Types-By-Count.json
index 2de6b7aadbce3..2e9f79765b4dc 100644
--- a/resources/visualizations/Top-10-Attachment-Types-By-Count.json
+++ b/resources/visualizations/Top-10-Attachment-Types-By-Count.json
@@ -2,8 +2,8 @@
 "title": "Top 10 Attachment Types By Count",
 "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"AttachType.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 "description": "",
- "version": 1,
+ "version": 2,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
 }
diff --git a/resources/visualizations/Top-10-Email-Sender-Domains.json b/resources/visualizations/Top-10-Email-Sender-Domains.json
index adb21a8124d8f..7fda585095915 100644
--- a/resources/visualizations/Top-10-Email-Sender-Domains.json
+++ b/resources/visualizations/Top-10-Email-Sender-Domains.json
@@ -6,4 +6,4 @@
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Application:smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
-}
\ No newline at end of file
+}
diff --git a/resources/visualizations/Top-10-Email-Senders.json b/resources/visualizations/Top-10-Email-Senders.json
index 600181581ba4c..d414c1f4890ff 100644
--- a/resources/visualizations/Top-10-Email-Senders.json
+++ b/resources/visualizations/Top-10-Email-Senders.json
@@ -6,4 +6,4 @@
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"SenderEmail:*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
-}
\ No newline at end of file
+}
diff --git a/resources/visualizations/Top-10-Email-Subjects.json b/resources/visualizations/Top-10-Email-Subjects.json
index 8c1ebc8272510..afaabdf2f7033 100644
--- a/resources/visualizations/Top-10-Email-Subjects.json
+++ b/resources/visualizations/Top-10-Email-Subjects.json
@@ -6,4 +6,4 @@
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Subject:*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
-}
\ No newline at end of file
+}
diff --git a/resources/visualizations/Top-10-Receivers-By-Count.json b/resources/visualizations/Top-10-Receivers-By-Count.json
index 057f17b300003..58dbff53d7a77 100644
--- a/resources/visualizations/Top-10-Receivers-By-Count.json
+++ b/resources/visualizations/Top-10-Receivers-By-Count.json
@@ -2,8 +2,8 @@
 "title": "Top 10 Receivers By Count",
 "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ReceiverEmail.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 "description": "",
- "version": 1,
+ "version": 2,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
 }
\ No newline at end of file
diff --git a/resources/visualizations/Top-10-Senders-By-Count.json b/resources/visualizations/Top-10-Senders-By-Count.json
index e13ad405cd839..821728a582898 100644
--- a/resources/visualizations/Top-10-Senders-By-Count.json
+++ b/resources/visualizations/Top-10-Senders-By-Count.json
@@ -2,8 +2,8 @@
 "title": "Top 10 Senders By Count",
 "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SenderEmail.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 "description": "",
- "version": 1,
+ "version": 2,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"Attach:true\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
 }
\ No newline at end of file