

Merge pull request #52 from harper-carroll/TLD_by_Harper
Added TLD, SLD, FQDN dashboard
Kjell Hedström authored Jul 13, 2016
2 parents 645417f + d35ccf7 commit 84193d2
Showing 7 changed files with 78 additions and 0 deletions.
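--- /dev/null
+++ b/resources/dashboards/Top-Level-Domain-Dashboard.json
@@ -0,0 +1,11 @@
+{
+"hits": 0,
+"timeRestore": false,
+"description": "",
+"title": "Top Level Domain Dashboard",
+"panelsJSON": "[{\"col\":1,\"columns\":[\"SrcIP\",\"DestIP\",\"Application\",\"Duration\",\"Session\",\"Domain_TLD_NM\",\"Domain_SLD_NM\",\"Domain_FQDN_NM\"],\"id\":\"Top-Level-Domain-Table\",\"row\":10,\"size_x\":12,\"size_y\":5,\"sort\":[\"TimeUpdated\",\"desc\"],\"type\":\"search\"},{\"col\":5,\"id\":\"High-Bandwidth-Top-Level-Domains\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Low-Bandwidth-Top-Level-Domains\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-10-Top-Level-Domains-By-Bandwidth\",\"row\":5,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-10-Second-Level-Domains-By-Bandwidth\",\"row\":5,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"id\":\"Top-Level-Domain-Dashboard-Description\",\"type\":\"visualization\",\"size_x\":4,\"size_y\":4,\"col\":1,\"row\":1}]",
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+}
+}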
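Review bot: The embedded search panel on the panelsJSON line lists a `Session` column that the saved search it references, Top-Level-Domain-Table (the next file section), does not define in its own columns array, so the two column lists have drifted in the same commit that introduces them. Kibana appears to apply the panel-level columns when the search is embedded, so the table would show Session on the dashboard but not when the saved search is opened by itself; either add `"Session",` after `"Duration",` in the search's columns or drop it from the panel so both render the same fields. The dashboard's `description` is also left as `""`; a one-liner such as `"TLD / SLD / FQDN bandwidth overview — data appears only when the Flow_TopLevelDomain rule is enabled"` would surface the dependency that is currently buried in the markdown panel.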
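--- /dev/null
+++ b/resources/searches/Top-Level-Domain-Table.json
@@ -0,0 +1,22 @@
+{
+"sort": [
+"TimeUpdated",
+"desc"
+],
+"hits": 0,
+"description": "",
+"title": "Top Level Domain Table",
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"_exists_:Domain_TLD_NM\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
+},
+"columns": [
+"SrcIP",
+"DestIP",
+"Application",
+"Duration",
+"Domain_TLD_NM",
+"Domain_SLD_NM",
+"Domain_FQDN_NM"
+]
+}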
@@ -0,0 +1,9 @@
{
"visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytes\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Domain_TLD_NM\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Domain_SLD_NM.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Domain_FQDN_NM.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
},
"version": 1,
"description": "",
"title": "High Bandwidth Top Level Domains"
}
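Review bot: The visState line aggregates the outer ring on `Domain_TLD_NM` while the SLD and FQDN rings use the `.raw` sub-fields (`Domain_SLD_NM.raw`, `Domain_FQDN_NM.raw`), so the three terms buckets are built on differently mapped fields. If Domain_TLD_NM is an analyzed string (the index mapping is not on this page), its buckets would be per analyzed token rather than per stored value, which can lower-case or split TLDs and make the pie disagree with the table that shows the raw field; if the mapping exposes it, `\"field\":\"Domain_TLD_NM.raw\"` would keep all three rings on keyword-style values. The same field choice appears in the Low-Bandwidth pie (next section) and in the Top-10-Top-Level-Domains histogram. A smaller style point is that the aggregation ids here run 1,3,4,5 whereas the otherwise identical Low-Bandwidth pie uses 1,2,3,4; numbering both the same way makes diffs between the pair easier to read.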
9 changes: 9 additions & 0 deletions resources/visualizations/Low-Bandwidth-Top-Level-Domains.json
@@ -0,0 +1,9 @@
{
"visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytes\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Domain_TLD_NM\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Domain_SLD_NM.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Domain_FQDN_NM.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
},
"version": 1,
"description": "",
"title": "Low Bandwidth Top Level Domains"
}
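Review bot: The visState line orders the TLD ring ascending by summed TotalBytes (`\"order\":\"asc\"`) but leaves the nested SLD and FQDN rings on `\"order\":\"desc\"`, so within a low-bandwidth TLD the inner rings still show its heaviest second-level domains and hosts; if the intent is a consistently "quietest" view, the inner rings presumably want `\"order\":\"asc\"` too — worth confirming with the author. Ascending ordering of a terms aggregation by a metric is also documented by Elasticsearch as approximate across shards, so the ten TLDs shown as lowest-bandwidth may not be exactly the ten lowest on a multi-shard index; a short note in the `description` field saying the panel is a rare/low-volume TLD indicator rather than an exact ranking would set expectations for analysts using it to spot unusual TLDs.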
@@ -0,0 +1,9 @@
{
"visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytes\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Domain_SLD_NM.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
},
"version": 1,
"description": "",
"title": "Top 10 Second Level Domains By Bandwidth"
}
@@ -0,0 +1,9 @@
{
"visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytes\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Domain_TLD_NM\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"2-orderAgg\",\"type\":\"count\",\"schema\":\"orderAgg\",\"params\":{}}}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
},
"version": 1,
"description": "",
"title": "Top 10 Top Level Domains By Bandwidth"
}
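Review bot: The visState line titles the panel "Top 10 Top Level Domains By Bandwidth" but selects the ten TLDs with `\"orderBy\":\"custom\"` and an `orderAgg` of type `count`, so the buckets are the TLDs with the most flow records, not the most bytes; the stacked bars then show bytes for those ten, which can omit a high-volume TLD carried by few sessions. The sibling Top-10-Second-Level-Domains histogram (previous section) orders by aggregation `1`, the TotalBytes sum, which matches its title. Replacing `\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"2-orderAgg\",\"type\":\"count\",\"schema\":\"orderAgg\",\"params\":{}}` with `\"orderBy\":\"1\"` makes the TLD panel rank the same way as its SLD counterpart, unless the count ordering is deliberate, in which case the title should say "By Session Count".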
@@ -0,0 +1,9 @@
{
"visState": "{\"type\":\"markdown\",\"params\":{\"markdown\":\"#### **Data will only be visible in this dashboard if you enable the Flow_TopLevelDomain system rule.**\\n* A **Top Level Domain (TLD)** is the highest level domain name. For example, \\\"com\\\" is the TLD of https://support.logrhythm.com. Domain_TLD_NM will be \\\"com\\\".\\n* A **Second Level Domain (SLD)** is the second highest level domain name. For example, \\\"logrhythm\\\" is the SLD of https://support.logrhythm.com. Domain_SLD_NM will be \\\"logrhythm.com\\\".\\n* A **Fully Qualified Domain Name (FQDN)** is the full domain after the application. For example, \\\"support.logrhythm.com\\\" is the FQDN of https://support.logrhythm.com. Domain_FQDN_NM will be \\\"support.logrhythm.com\\\".\"},\"aggs\":[],\"listeners\":{}}",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
},
"version": 1,
"description": "",
"title": "Top Level Domain Dashboard Description"
}
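Review bot: The markdown text on the visState line defines the SLD as "the second highest level domain name", giving "logrhythm" as the example, and then states that Domain_SLD_NM will be "logrhythm.com", so the definition and the field value do not describe the same thing; a sentence such as "Domain_SLD_NM stores the SLD together with its TLD (the registrable domain), e.g. logrhythm.com" would remove the contradiction for analysts reading the panel. The FQDN bullet's phrase "the full domain after the application" is also unclear — it presumably means the host name after the scheme (`https://`), and saying so would help. The first line usefully states the dependency on the Flow_TopLevelDomain system rule; repeating that dependency in the dashboard's own `description` field would make it visible from the saved-object list, not only after the dashboard is opened.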

