├── dashboards ├── config.json ├── visualization │ ├── SN Count.json │ ├── SN SSH-count.json │ ├── SN Alerts-count.json │ ├── SN Files-count.json │ ├── SN HTTP-size.json │ ├── SN SSH-transactions-count.json │ ├── SN HTTP-transactions-count.json │ ├── SN TLS-transactions-count.json │ ├── SN HTTP-total-size.json │ ├── SN Stats-TotalKernelPackets.json │ ├── SN Alert-Count.json │ ├── SN HTTP-status.json │ ├── SN Stats-DecoderBytes-Packets.json │ ├── SN TLS-TCP-ports.json │ ├── SN TLS-versions.json │ ├── SN Urls-visited.json │ ├── SN Alerts-severity.json │ ├── SN Files-protocols.json │ ├── SN HTTP-methods.json │ ├── SN HTTP-protocols.json │ ├── SN HTTP-referrals.json │ ├── SN Alerts-categories.json │ ├── SN TLS-fingerprints.json │ ├── SN Alerts-signatures.json │ ├── SN HTTP-Top-hostnames.json │ ├── SN HTTP-top-referrals.json │ ├── SN Protocol.json │ ├── SN SSH-Connections-by-appliance.json │ ├── SN HTTP-Top-user-agents.json │ ├── SN SSH-Client-version.json │ ├── SN SSH-Server-version.json │ ├── SN TLS-transactions-by-appliance.json │ ├── SN DNS-ByProto.json │ ├── SN DNS-Rcode.json │ ├── SN DNS-Rdata.json │ ├── SN DNS-Rrname.json │ ├── SN DNS-Rrtype.json │ ├── SN DNS-Type.json │ ├── SN DNS-Top20SrcIP.json │ ├── SN SSH-Top20SrcIP.json │ ├── SN SSH-Top20SrcPort.json │ ├── SN TLS-Top20SrcIP.json │ ├── SN Alert-Proto.json │ ├── SN DNS-Top20DestIP.json │ ├── SN DNS-Top20DestPort.json │ ├── SN DNS-Top20SrcPort.json │ ├── SN SMTP-Top20SrcIP.json │ ├── SN SSH-Top20DestIP.json │ ├── SN SSH-Top20DestPort.json │ ├── SN TLS-Top20DestIP.json │ ├── SN TLS-Top20SrcPort.json │ ├── SN Alert-Top20SrcIP.json │ ├── SN FILE-Top20SrcIP.json │ ├── SN SMTP-Top20DestIP.json │ ├── SN SMTP-Top20DestPort.json │ ├── SN SMTP-Top20SrcPort.json │ ├── SN TLS-Top20DestPort.json │ ├── SN Alert-Top20DstIP.json │ ├── SN Alert-Top20SrcPorts.json │ ├── SN FILE-Top20DestIP.json │ ├── SN FILE-Top20SrcPort.json │ ├── SN Alert-Top20DstPorts.json │ ├── SN FILE-Top20DestPort.json │ ├── SN HTTP-UserAgentOS.json │ 
├── SN HTTP-UserAgentName.json │ ├── SN HTTP-UserAgentMajor.json │ ├── SN HTTP-UserAgentMinor.json │ ├── SN HTTP-UserAgentOSName.json │ ├── SN HTTP-UserAgentPatch.json │ ├── SN SSH-ByClientProtoVer.json │ ├── SN HTTP-UserAgentDevices.json │ ├── SN SSH-ByServerProtoVer.json │ ├── SN SSH-ByClientSoftwareVer.json │ ├── SN SSH-ByServerSoftwareVer.json │ ├── SN TLS-BySni.json │ ├── SN HTTP-Vary.json │ ├── SN VLAN-Top20VLANsUsed.json │ ├── SN FILE-FileSizeByExtention.json │ ├── SN TLS-BySubject.json │ ├── SN Alert-ByVLANIDTop20.json │ ├── SN HTTP-Servers.json │ ├── SN HTTP-StatusCode.json │ ├── SN TLS-ByIssuerdn.json │ ├── SN Alert-ByTlsSni.json │ ├── SN Alert-Top10Signatures.json │ ├── SN HTTP-AcceptEncoding.json │ ├── SN Alert-Top20Signatures.json │ ├── SN SMTP-Top20MailApplications.json │ ├── SN Alert-Bottom20Signatures.json │ ├── SN Alert-BySmtpHello.json │ ├── SN HTTP-CacheControl.json │ ├── SN Alert-ByTlsIssuerdn.json │ ├── SN SMTP-Top20MailOrganisations.json │ ├── SN SMTP-Top20MailSendingIPs.json │ ├── SN Alert-ByHttpMethod.json │ ├── SN HTTP-response-by-hostname.json │ ├── SN HTTP-status-by-hostname.json │ ├── SN TopDstIPDstPort.json │ ├── SN Alert-ByHttpContentType.json │ ├── SN TopSrcIPSrcPort.json │ ├── SN VLAN-ByEventType.json │ ├── SN SSH-Connections.json │ ├── SN Dest_ports.json │ ├── SN TLS-certificates-issuers-and-subjects.json │ ├── SN TopDestPortsByCountry.json │ ├── SN HTTP-ContentTypeByAplication.json │ ├── SN TopSrcPortsByCountry.json │ ├── SN DNS-ByTtl.json │ ├── SN SMTP-Top20rcpt_to.json │ ├── SN FILE-ByGeoCityByType.json │ ├── SN SMTP-Top20VLAN.json │ ├── SN FILE-ByProtoByHostnameServed.json │ ├── SN SMTP-Top20mail_from.json │ ├── SN Proto-app_proto.json │ ├── SN TLS-ByVersionBySni.json │ ├── SN Timeline.json │ ├── SN Average-packet-size.json │ ├── SN Browsers.json │ ├── SN HTTP-EventsOverTime.json │ ├── SN SSH-EventsOverTime.json │ ├── SN TLS-EventsOverTime.json │ ├── SN HTTP-AcceptEncodingByHost.json │ ├── SN Map.json │ ├── SN 
HTTP-bandwidth.json │ ├── SN HTTP-AcceptEncodingByConnection.json │ ├── SN HTTP-lengths.json │ ├── SN Stats-Frags.json │ ├── SN Alerts-over-time.json │ ├── SN TopDestPortsByCountryByCity.json │ ├── SN Alert-ByTlsIssuerByTlsSniNotGoogleYahooTwiter.json │ ├── SN TopSrcPortsByCountryByCity.json │ ├── SN HTTP-events-over-time.json │ ├── SN SSH-Connections-count.json │ ├── SN FILE-EventsOverTime.json │ ├── SN Alert-Timeline.json │ ├── SN SSH-transactions-over-time.json │ ├── SN TLS-transactions-over-time.json │ ├── SN Alert-BySshServerProtoBySshSoftwareVer.json │ ├── SN Alerts-locations.json │ ├── SN Files-informations-over-time.json │ ├── SN HTTP-UserAgenOSMethodContent.json │ ├── SN Stats-ipv4-ipv6-fragments.json │ ├── SN Src-and-dst-IP-unique-count.json │ ├── SN Alert-BySshClientProtoBySshClientSoftwareVer.json │ ├── SN SSH-GeoIP.json │ ├── SN TLS-GeoIP.json │ ├── SN SMTP-GeoIP.json │ ├── SN Stats-EmergencyMode.json │ ├── SN FILE-GeoIP.json │ ├── SN DNS-NXDOMAINGeoIP.json │ ├── SN DNS-GeoIP.json │ ├── SN EventTypeOverTimeAll.json │ ├── SN ApplayerProtoDestIPDestPort.json │ ├── SN PerVLAN-DNSEventsOverTime.json │ ├── SN PerVLAN-SSHEventsOverTime.json │ ├── SN SMTP-Top20VLANsOverTime.json │ ├── SN PerVLAN-SMTPEventsOverTime.json │ ├── SN ApplayerProtoSrcIPSrcPort.json │ ├── SN Stats-CapturedPktsVsGaps.json │ ├── SN Stats-DecoderAvgMaxPktSize.json │ ├── SN Alert-ByHttpProtocolByUserAgentByOS.json │ ├── SN FILE-ByTypeOverTime.json │ ├── SN DNS-DnsOverTime.json │ ├── SN DNS-SshOverTime.json │ ├── SN DNS-DnsEventsOverTime.json │ ├── SN Alert-ByVLANID.json │ ├── SN SMTP-SmtpOverTime.json │ ├── SN HTTP-GeoIP.json │ ├── SN PerVLAN-TLSEventsOverTime.json │ ├── SN PerVLAN-HTTPEventsOverTime.json │ ├── SN PerVLAN-ALERTEventsOverTime.json │ ├── SN Alert-GeoMap.json │ ├── SN EventTypeOverTimeExcept-StatsAndFlow.json │ ├── SN Application-protocol.json │ ├── SN PerVLAN-FILETransEventsOverTime.json │ ├── SN Alert-ByTlsIssuerByTlsSniByTlsVersionNotGoogleYahooTwiter.json │ ├── SN 
Stats-Frags-Deltas.json │ ├── SN Mean-flow-age-and-count.json │ ├── SN Syn-SynAck-Rst.json │ ├── SN Flow-unique-count-of-src-and-dst-IP.json │ ├── SN Stats-KernelPacketsAndDrops-Deltas.json │ ├── SN Stats-memuse-Deltas.json │ ├── SN TLS-transactions-table.json │ ├── SN Alerts-details.json │ ├── SN Stats-Memcap-Deltas.json │ ├── SN FILE-GeoIPPDFAndExecutables.json │ ├── SN Alert-ByExtraInfoType.json │ ├── SN SSH-Transaction-Details.json │ ├── SN Stats-Decoder-Deltas.json │ ├── SN HTTP-transactions-details.json │ ├── SN Files-informations-details.json │ └── SN SMTP-AttachmentsExtension.json ├── search │ ├── SN STATS-EventsList.json │ ├── SN DNS-EventsList.json │ ├── SN TLS-EventsList.json │ ├── SN ALL-EventsList.json │ ├── SN FLOW-EventsList.json │ ├── SN FILE-EventsList.json │ ├── SN SMTP-EventsList.json │ ├── SN ALERT-EventsList.json │ ├── SN HTTP-EventsList.json │ └── SN SSH-EventsList.json └── dashboard │ ├── SN FLOW.json │ ├── SN FILE-Transactions.json │ ├── SN TLS.json │ ├── SN VLAN.json │ ├── SN SSH.json │ ├── SN ALL.json │ ├── SN SMTP.json │ ├── SN DNS.json │ ├── SN STATS.json │ └── SN HTTP.json ├── tools ├── extract.sh └── index-merge.py ├── patches ├── timelion-integer.patch └── kibana-integer.patch ├── load.sh └── README.rst /dashboards/config.json: -------------------------------------------------------------------------------- 1 | {"buildNum":9517,"defaultIndex":"logstash-*"} 2 | -------------------------------------------------------------------------------- /dashboards/visualization/SN Count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Count\",\"type\":\"metric\",\"params\":{\"fontSize\":\"22\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN Count","uiStateJSON":"{}","version":1,"savedSearchId":"Suricata-events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}} 
-------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"fontSize\":60},\"type\":\"metric\"}","description":"","title":"SN SSH count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN Alerts count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Files-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN Files count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-size.json: 
-------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"http.length\"}}],\"listeners\":{}}","description":"","title":"SN HTTP size","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-transactions-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN SSH transactions count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-transactions-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN HTTP transactions count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-transactions-count.json: 
-------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"metric\",\"params\":{\"fontSize\":\"58\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN TLS transactions count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-total-size.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{\"field\":\"http.length\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"listeners\":{},\"params\":{\"fontSize\":\"30\"},\"type\":\"metric\"}","description":"","title":"SN HTTP total size","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/search/SN STATS-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN STATS-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"},"columns":["_source"]} -------------------------------------------------------------------------------- /tools/extract.sh: 
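--------------------------------------------------------------------------------
#!/bin/bash
# extract.sh - split a Kibana saved-objects export (a JSON array of
# {_type, _id, _source} objects) into one file per object, written as
# <_type>/<_id>.json below the current directory.
#
# Usage: extract.sh export_file.json
#
# The export file is treated as untrusted input: _type and _id are used to
# build file system paths, so both are validated before any directory is
# created or any file is written.
set -e
set -x
JQ="/usr/bin/jq -M"

if [ $# != 1 ]
then
    echo "Usage: $0 [export_file.json]" >&2
    exit 1
fi

# is_safe_name NAME - succeed only for names that cannot escape the target
# directory: no '/', no leading '.', nothing outside a conservative
# character set (the repository's own ids use letters, digits, spaces,
# '.', '_' and '-').
is_safe_name() {
    local re='^[[:alnum:]][[:alnum:] ._-]*$'
    [[ "$1" =~ $re ]]
}

# Refuse anything that is not a JSON array; '.[]' on an object would
# silently iterate over its values instead.
if [ "$($JQ -r 'type' < "$1")" != "array" ]
then
    echo "$1: expected a JSON array of saved objects" >&2
    exit 1
fi

# Stream the array once (one compact object per line) instead of re-parsing
# the whole export for every index as the old '.[$i]' loop did.
while IFS= read -r obj
do
    # '// empty' turns a missing _type/_id into "" so the validation below
    # rejects it instead of creating a directory or file literally named "null".
    dir=$($JQ -r '._type // empty' <<< "$obj")
    id=$($JQ -r '._id // empty' <<< "$obj")

    if ! is_safe_name "$dir" || ! is_safe_name "$id"
    then
        echo "skipping object with unsafe _type/_id: '$dir' / '$id'" >&2
        continue
    fi

    # Quote every path: ids such as "SN Count" contain spaces, which an
    # unquoted redirection target turns into an "ambiguous redirect" error.
    filename="$dir/$id.json"
    echo "$filename"
    mkdir -p "$dir"
    $JQ '._source' <<< "$obj" > "$filename"
done < <($JQ -c '.[]' < "$1")

-------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-TotalKernelPackets.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.capture.kernel_packets\"}}],\"listeners\":{}}","description":"","title":"SN Stats-TotalKernelPackets","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"metric\",\"params\":{\"fontSize\":60,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN Alert-Count","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: 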
alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/search/SN DNS-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN DNS-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port","dns.rrname","dns.rrtype"]} -------------------------------------------------------------------------------- /dashboards/search/SN TLS-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN TLS-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port","tls.version","tls.sni"]} -------------------------------------------------------------------------------- /dashboards/search/SN ALL-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN 
ALL-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"NOT event_type:stats AND event_type:*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port"]} -------------------------------------------------------------------------------- /dashboards/search/SN FLOW-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN FLOW-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-flow-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["flow.reason","flow.age","src_ip","src_port","proto","dest_ip","dest_port","flow_id","event_type"]} -------------------------------------------------------------------------------- /dashboards/search/SN FILE-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN 
FILE-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port","fileinfo.type","fileinfo.size","fileinfo.filename"]} -------------------------------------------------------------------------------- /dashboards/search/SN SMTP-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN SMTP-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port","email.user_agent","email.attachment","email.x_originating_ip"]} -------------------------------------------------------------------------------- /dashboards/search/SN ALERT-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN 
ALERT-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["EveBox","Scirius","alert.category","src_ip","src_port","proto","dest_ip","dest_port","alert.signature","alert.signature_id"]} -------------------------------------------------------------------------------- /dashboards/search/SN HTTP-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN HTTP-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port","http.http_method","http.hostname","http.status","http.protocol","http.server"]} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-status.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.status\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP 
status","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-DecoderBytes-Packets.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.decoder.bytes\"}},{\"id\":\"3\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.decoder.pkts\"}}],\"listeners\":{}}","description":"","title":"SN Stats-DecoderBytes-Packets","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-TCP-ports.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS TCP ports","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-versions.json: 
-------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS versions","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Urls-visited.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.url.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Urls visited","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-severity.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.severity\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alerts severity","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Files-protocols.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Files protocols","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-methods.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP methods","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-protocols.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.protocol.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP protocols","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-referrals.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_refer.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP referrals","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-categories.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.category.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alerts categories","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-fingerprints.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.fingerprint.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS fingerprints","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-signatures.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alerts signatures","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-Top-hostnames.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP Top hostnames","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-top-referrals.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"field\":\"http.http_refer.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"shareYAxis\":true},\"type\":\"pie\"}","description":"","title":"SN HTTP top referrals","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Protocol.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Protocol","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Connections-by-appliance.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH Connections by appliance","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/search/SN SSH-EventsList.json: -------------------------------------------------------------------------------- 1 | {"sort":["@timestamp","desc"],"hits":0,"description":"","title":"SN 
SSH-EventsList","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}"},"columns":["event_type","src_ip","src_port","proto","dest_ip","dest_port","ssh.server.proto_version","ssh.server.software_version","ssh.client.software_version","ssh.client.proto_version"]} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-Top-user-agents.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP Top user agents","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Client-version.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH Client version","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Server-version.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH Server version","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-transactions-by-appliance.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS transactions by appliance","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-ByProto.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN DNS-Rrtype\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-ByProto","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Rcode.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rcode.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Rcode","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Rdata.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN DNS-Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rdata.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Rdata","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Rrname.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-Rdata\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rrname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Rrname","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Rrtype.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN DNS-Rrtype\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rrtype.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Rrtype","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Type.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.type.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Type","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Top20SrcIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SMTP-Top20SrcIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Top20SrcIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Top20SrcIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SSH-Top20DestIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-Top20SrcIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Top20SrcPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-Top20SrcIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-Top20SrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-Top20SrcIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SSH-Top20SrcIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-Top20SrcIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Proto.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Proto","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Top20DestIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-Top20SrcIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Top20DestIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Top20DestPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN DNS-Top20SrcPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Top20DestPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-Top20SrcPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-Top20DestIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN DNS-Top20SrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20SrcIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SMTP-Top20SrcPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20SrcIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Top20DestIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-Top20DestIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-Top20DestIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Top20DestPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-Top20SrcPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-Top20DestPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-Top20DestIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SSH-Top20DestIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-Top20DestIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-Top20SrcPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-Top20SrcPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-Top20SrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Top20SrcIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-Proto\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Top20SrcIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-Top20SrcIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-Top20SrcIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-Top20SrcIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20DestIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20DestIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20DestPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SMTP-Top20DestIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20DestPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20SrcPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SMTP-Top20DestPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20SrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-Top20DestPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-Top20DestPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-Top20DestPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Top20DstIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-Top20DstPorts\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Top20DstIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Top20SrcPorts.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-Top20SrcIP\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Top20SrcPorts","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-Top20DestIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
TLS-Top20DestIP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-Top20DestIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-Top20SrcPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-Top20SrcPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-Top20SrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Top20DstPorts.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-Top20SrcPorts\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Top20DstPorts","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-Top20DestPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-Top20DestPort\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-Top20DestPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentOS.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
HTTP-UserAgentName\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.os.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentOS","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentName.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-UserAgentMinor\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.name.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentName","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentMajor.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
HTTP-UserAgentDevices\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.major.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentMajor","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentMinor.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-UserAgentMajor\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.minor.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentMinor","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentOSName.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
HTTP-UserAgentOS\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.os_name.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentOSName","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentPatch.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-UserAgentOSName\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.patch.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentPatch","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-ByClientProtoVer.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.proto_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-ByClientProtoVer","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgentDevices.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.device.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgentDevices","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-ByServerProtoVer.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SSH-ByClientProtoVer\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.proto_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-ByServerProtoVer","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-ByClientSoftwareVer.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-ByClientSoftwareVer\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-ByClientSoftwareVer","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-ByServerSoftwareVer.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SSH-ByClientSoftwareVer\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH-ByServerSoftwareVer","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-BySni.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-ByIssuerdn\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-BySni","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-Vary.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
HTTP-Servers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.vary.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-Vary","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN VLAN-Top20VLANsUsed.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN VLAN-Top20VLANsUsed","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-FileSizeByExtention.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
FileSize-Extention\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"fileinfo.size\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fileinfo.type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-FileSizeByExtention","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-BySubject.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-BySni\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.subject.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-BySubject","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByVLANIDTop20.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByVLANIDTop20\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByVLANIDTop20","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert AND vlan:*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-Servers.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.server.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-Servers","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-StatusCode.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.status\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-StatusCode","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-ByIssuerdn.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-ByClientSoftwareVer\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-ByIssuerdn","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByTlsSni.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByTlsSni\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByTlsSni","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"tls.sni:* AND event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Top10Signatures.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Top10Signatures","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-AcceptEncoding.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
HTTP-StatusCode\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.accept_encoding.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-AcceptEncoding","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Top20Signatures.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-Bottom20Signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Top20Signatures","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20MailApplications.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"email.x_mailer.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20MailApplications","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Bottom20Signatures.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-Bottom20Signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-Bottom20Signatures","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-BySmtpHello.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-BySmtpHello\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.helo.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-BySmtpHello","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert AND _exists_:smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-CacheControl.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-AcceptEncodingByConnection\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.cache_control.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-CacheControl","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByTlsIssuerdn.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByHttpMethod\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByTlsIssuerdn","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"tls.issuerdn:* AND event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20MailOrganisations.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SMTP-Top20MailApplications\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"email.organization.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20MailOrganisations","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20MailSendingIPs.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SMTP-Top20MailOrganisations\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"email.x_originating_ip.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20MailSendingIPs","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByHttpMethod.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-ByHttpMethod\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByHttpMethod","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"http.http_method:* AND event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-response-by-hostname.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.status\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP response by hostname","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-status-by-hostname.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.status\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":16,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP status by hostname","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TopDstIPDstPort.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"title\":\"SN TopSrcIPSrcPort\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TopDstIPDstPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByHttpContentType.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByHttpContentType","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"http.http_method:* AND event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TopSrcIPSrcPort.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"title\":\"SN TopSrcPortsByCountry\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TopSrcIPSrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN VLAN-ByEventType.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN VLAN-ByEventType","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Connections.json: -------------------------------------------------------------------------------- 1 
| {"visState":"{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN SSH Connections","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Dest_ports.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Dest_ports","uiStateJSON":"{\"vis\":{\"colors\":{\"Count\":\"#65C5DB\"}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-certificates-issuers-and-subjects.json: 
-------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.subject.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS certificates issuers and subjects","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TopDestPortsByCountry.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TopDestPortsByCountry","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- 
/dashboards/visualization/SN HTTP-ContentTypeByAplication.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-CacheControl\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-ContentTypeByAplication","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http +http.http_content_type.raw: application*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TopSrcPortsByCountry.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TopDestPortsByCountry\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TopSrcPortsByCountry","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} 
-------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-ByTtl.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN \",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.ttl\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\"}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN DNS-ByTtl","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: dns\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20rcpt_to.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN \",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.rcpt_to.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\"}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN 
SMTP-Top20rcpt_to","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: smtp\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-ByGeoCityByType.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fileinfo.type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-ByGeoCityByType","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20VLAN.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SMTP-Top20VLAN\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\"}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20VLAN","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: smtp\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-ByProtoByHostnameServed.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN FILE-ByGeoCityByType\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-ByProtoByHostnameServed","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN 
SMTP-Top20mail_from.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN \",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.mail_from.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\"}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20mail_from","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: smtp\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Proto-app_proto.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}","description":"","title":"SN 
Proto-app_proto","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-ByVersionBySni.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-BySubject\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS-ByVersionBySni","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Timeline.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Timeline\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_type.raw\",\"size\":9,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Timeline","uiStateJSON":"{}","version":1,"savedSearchId":"Suricata-events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Average-packet-size.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Average packet size\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.decoder.avg_pkt_size\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN Average packet size","uiStateJSON":"{}","version":1,"savedSearchId":"Stats","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}} 
-------------------------------------------------------------------------------- /dashboards/visualization/SN Browsers.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"http.user_agent.os_name.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"field\":\"http.user_agent.name.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"id\":\"4\",\"params\":{\"field\":\"http.user_agent.major.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true},\"title\":\"SN Browsers\",\"type\":\"pie\"}","description":"","title":"SN Browsers","uiStateJSON":"{}","version":1,"savedSearchId":"Suricata-events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-EventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN 
HTTP-EventsOverTime","uiStateJSON":"{\"vis\":{\"colors\":{\"Count\":\"#447EBC\"}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-EventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN SSH-EventsOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-EventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SSH-EventsOverTime\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN TLS-EventsOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-AcceptEncodingByHost.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-AcceptEncoding\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.accept_encoding.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-AcceptEncodingByHost","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: 
http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Map.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN Map","uiStateJSON":"{}","version":1,"savedSearchId":"Suricata-events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-bandwidth.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"http.length\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":32,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.url.raw\",\"size\":32,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP bandwidth","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-AcceptEncodingByConnection.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-AcceptEncodingByKeepAlive\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.accept_encoding.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.connection.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN 
HTTP-AcceptEncodingByConnection","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-lengths.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"http.length\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP lengths","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-Frags.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-Frags\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.ipv4.fragments\"}},{\"id\":\"2\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.ipv6.fragments\"}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.max_frag_hits\"}},{\"id\":\"4\",\"type\":\"date_histogram\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN Stats-Frags","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-over-time.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"id\":\"3\",\"params\":{\"field\":\"host.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"type\":\"area\"}","description":"","title":"SN Alerts over 
time","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TopDestPortsByCountryByCity.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TopDestPortsByCountry\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TopDestPortsByCountryByCity","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByTlsIssuerByTlsSniNotGoogleYahooTwiter.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByTlsSni\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByTlsIssuerByTlsSniNotGoogleYahooTwiter","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"tls.issuerdn:* AND event_type: alert -Yahoo -Google -Twitter\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TopSrcPortsByCountryByCity.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TopDestPortsByCountryByCity\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN 
TopSrcPortsByCountryByCity","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-events-over-time.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.raw\",\"size\":16,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP events over time","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Connections-count.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"id\":\"3\",\"params\":{\"field\":\"host.raw\",\"order\":\"desc\",\"orderBy\":\"_term\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"type\":\"area\"}","description":"","title":"SN SSH Connections count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-EventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN 
FILE-EventsOverTime","uiStateJSON":"{\"vis\":{\"colors\":{\"Count\":\"#3F2B5B\"}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-Timeline.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-Timeline\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN Alert-Timeline","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-transactions-over-time.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH transactions over time","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-transactions-over-time.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS transactions over 
time","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-BySshServerProtoBySshSoftwareVer.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-BySshServerProtoBySshSoftwareVer\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.proto_version.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-BySshServerProtoBySshSoftwareVer","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert AND _exists_:ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-locations.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle 
Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN Alerts locations","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Files-informations-over-time.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Files informations over 
time","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-UserAgenOSMethodContent.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN HTTP-UserAgentOS\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.os.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP-UserAgenOSMethodContent","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-ipv4-ipv6-fragments.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-ipv4-ipv6-fragments\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":true,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.ipv4.fragments\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.ipv6.fragments\"}}],\"listeners\":{}}","description":"","title":"SN Stats-ipv4-ipv6-fragments","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Src-and-dst-IP-unique-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Src and dst IP unique 
count\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":false,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"dest_ip.raw\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}","description":"","title":"SN Src and dst IP unique count","uiStateJSON":"{}","version":1,"savedSearchId":"Suricata-events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-BySshClientProtoBySshClientSoftwareVer.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-BySshClientProtoBySshClientSoftwareVer\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.proto_version.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN 
Alert-BySshClientProtoBySshClientSoftwareVer","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert AND _exists_:ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN FLOW.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN FLOW","uiStateJSON":"{\"P-3\":{\"vis\":{\"legendOpen\":false}}}","panelsJSON":"[{\"id\":\"SN Application-protocol\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"SN Flow-unique-count-of-src-and-dst-IP\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":4},{\"id\":\"SN Mean-flow-age-and-count\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":4},{\"id\":\"SN FLOW-EventsList\",\"type\":\"search\",\"panelIndex\":4,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":7,\"columns\":[\"flow.reason\",\"flow.age\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"flow_id\",\"event_type\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-GeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SSH-GeoIPDestIP\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle 
Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN SSH-GeoIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-GeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN TLS-GeoIPDestIP\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN 
TLS-GeoIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-GeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SMTP-GeoIPDst\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN SMTP-GeoIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-EmergencyMode.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-EmergencyMode\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.flow.emerg_mode_entered\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.flow.emerg_mode_over\"}}],\"listeners\":{}}","description":"","title":"SN Stats-EmergencyMode","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"stats.flow.emerg_mode_entered and stats.flow.emerg_mode_over\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-GeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"geoip.location\",\"precision\":2},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"mapType\":\"Scaled Circle Markers\",\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"SN 
FILE-GeoIPDestIP\",\"type\":\"tile_map\"}","description":"","title":"SN FILE-GeoIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: fileinfo\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-NXDOMAINGeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN DNS-NXDOMAINGeoIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"dns.rcode: \\\"NXDOMAIN\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-GeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-GeoIP\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":\"0.21\",\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"mapZoom\":2,\"mapCenter\":[15.114552871944102,0],\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN DNS-GeoIP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN EventTypeOverTimeAll.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
EventTypeOverTimeAll\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN EventTypeOverTimeAll","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN ApplayerProtoDestIPDestPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN ApplayerProtoDestIPDestPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-DNSEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
PerVLAN-DNSEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-DNSEventsOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-SSHEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
PerVLAN-SSHEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-SSHEventsOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-Top20VLANsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SMTP-Top20VLANsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SMTP-Top20VLANsOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-SMTPEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
PerVLAN-SMTPEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-SMTPEventsOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN ApplayerProtoSrcIPSrcPort.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
ApplayerProtoDestIPDestPort\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN ApplayerProtoSrcIPSrcPort","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-CapturedPktsVsGaps.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-CapturedPktsVsGaps\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.capture.kernel_packets\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.reassembly_gap\"}}],\"listeners\":{}}","description":"","title":"SN Stats-CapturedPktsVsGaps","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-DecoderAvgMaxPktSize.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-DecoderAvgMaxPktSize\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.decoder.avg_pkt_size\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.decoder.max_pkt_size\"}}],\"listeners\":{}}","description":"","title":"SN Stats-DecoderAvgMaxPktSize","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByHttpProtocolByUserAgentByOS.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByHttpMethod\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.protocol.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.user_agent.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByHttpProtocolByUserAgentByOS","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"http.http_method:* AND event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-ByTypeOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"spyPerPage\":10,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"fileinfo.type.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN FILE-ByTypeOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: fileinfo\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-DnsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SMTP-SmtpOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}}},\"label\":\"\"}]}}],\"listeners\":{}}","description":"","title":"SN DNS-DnsOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-SshOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-DnsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}}},\"label\":\"\"}]}}],\"listeners\":{}}","description":"","title":"SN DNS-SshOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: ssh\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN DNS-DnsEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
DNS-SshOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}}},\"label\":\"\"}]}}],\"listeners\":{}}","description":"","title":"SN DNS-DnsEventsOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-dns-*\",\"query\":{\"query_string\":{\"query\":\"event_type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByVLANID.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByVLANID\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByVLANID","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert AND vlan:*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-SmtpOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
SMTP-Top20VLANsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}}},\"label\":\"\"}]}}],\"listeners\":{}}","description":"","title":"SN SMTP-SmtpOverTime","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /patches/timelion-integer.patch: -------------------------------------------------------------------------------- 1 | diff -u -r kibana-4.3.1-linux-x64-1/installedPlugins/timelion/public/services/_saved_sheet.js kibana-4.3.1-linux-x64-2/installedPlugins/timelion/public/services/_saved_sheet.js 2 | --- kibana-4.3.1-linux-x64-1/installedPlugins/timelion/public/services/_saved_sheet.js 2016-01-26 11:09:49.093222555 +0100 3 | +++ kibana-4.3.1-linux-x64-2/installedPlugins/timelion/public/services/_saved_sheet.js 2016-01-25 17:37:55.007695074 +0100 4 | 
@@ -40,15 +40,15 @@ 5 | // if type:sheet has no mapping, we push this mapping into ES 6 | SavedSheet.mapping = { 7 | title: 'string', 8 | - hits: 'integer', 9 | + hits: 'long', 10 | description: 'string', 11 | timelion_sheet: 'string', 12 | timelion_interval: 'string', 13 | timelion_other_interval: 'string', 14 | - timelion_chart_height: 'integer', 15 | - timelion_columns: 'integer', 16 | - timelion_rows: 'integer', 17 | - version: 'integer' 18 | + timelion_chart_height: 'long', 19 | + timelion_columns: 'long', 20 | + timelion_rows: 'long', 21 | + version: 'long' 22 | }; 23 | 24 | return SavedSheet; 25 | -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-GeoIP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":\"0.25\",\"heatRadius\":\"26\",\"heatBlur\":\"17\",\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"mapZoom\":2,\"mapCenter\":[14.944784875088372,0],\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN HTTP-GeoIP","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} 
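Review bot: The comment directly above the hunk says this mapping is only pushed into ES when type:sheet has no mapping yet, so on a `.kibana` index that already carries the old `integer` mapping the switch to `long` never takes effect and the patch silently changes nothing; nothing in the hunk documents that. I would add, above `SavedSheet.mapping = {`, the comment `// 'long' instead of 'integer': this mapping is only applied when type:sheet has no mapping yet, so an existing .kibana index keeps the old mapping until its sheet type mapping is deleted or reindexed`. The `---` header is dated 2016-01-26 while the `+++` header is dated 2016-01-25, i.e. the "old" tree is newer than the "new" one, which is worth a second look to confirm the patch direction is the intended one. The enclosing `SavedSheet` factory starts before the hunk.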
-------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-TLSEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN PerVLAN-TLSEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-TLSEventsOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: tls\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-HTTPEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
PerVLAN-HTTPEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-HTTPEventsOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: http\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-ALERTEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
PerVLAN-ALERTEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-ALERTEventsOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-GeoMap.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New Visualization\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":\"7\",\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"mapZoom\":3,\"mapCenter\":[37.3002752813443,5.09765625],\"precision\":2}}],\"listeners\":{}}","description":"","title":"SN Alert-GeoMap","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN EventTypeOverTimeExcept-StatsAndFlow.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN EventTypeOverTimeExcept-StatsAndFlow\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN EventTypeOverTimeExcept-StatsAndFlow","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: * -event_type: stats -event_type: 
flow\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Application-protocol.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Application protocol\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"app_proto.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Application protocol","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"event_type:flow\",\"analyze_wildcard\":true}}}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN PerVLAN-FILETransEventsOverTime.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
PerVLAN-FILETransEventsOverTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"vlan\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN PerVLAN-FILETransEventsOverTime","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: fileinfo\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByTlsIssuerByTlsSniByTlsVersionNotGoogleYahooTwiter.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Alert-ByTlsIssuerByTlsSniNotGoogleYahooTwiter\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alert-ByTlsIssuerByTlsSniByTlsVersionNotGoogleYahooTwiter","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"tls.issuerdn:* AND event_type: alert -Yahoo -Google -Twitter\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-Frags-Deltas.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-Frags-Deltas\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.ipv4.fragments_delta\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.ipv6.fragments_delta\"}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.defrag.max_frag_hits_delta\"}}],\"listeners\":{}}","description":"","title":"SN Stats-Frags-Deltas","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Mean-flow-age-and-count.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Mean flow age and 
count\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.age\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"count\",\"schema\":\"radius\",\"params\":{}}],\"listeners\":{}}","description":"","title":"SN Mean flow age and count","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"event_type:flow\",\"analyze_wildcard\":true}}}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Syn-SynAck-Rst.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN New 
Visualization\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":true,\"defaultYExtents\":true,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.syn_delta\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.synack_delta\"}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.rst_delta\"}}],\"listeners\":{}}","description":"","title":"SN Syn-SynAck-Rst","uiStateJSON":"{\"vis\":{\"colors\":{\"Sum of stats.tcp.rst_delta\":\"#BF1B00\",\"Sum of stats.tcp.synack_delta\":\"#629E51\"}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Flow-unique-count-of-src-and-dst-IP.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Flow unique count of src and dst 
IP\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":false,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"dest_ip.raw\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}","description":"","title":"SN Flow unique count of src and dst IP","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"NOT event_type:stats AND event_type:*\",\"analyze_wildcard\":true}}}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-KernelPacketsAndDrops-Deltas.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-KernelPacketsAndDrops-Deltas\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.capture.kernel_drops_delta\"}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.capture.kernel_packets_delta\"}},{\"id\":\"5\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN Stats-KernelPacketsAndDrops-Deltas","uiStateJSON":"{\"vis\":{\"colors\":{\"kernel drops: Sum of stats.capture.kernel_drops_delta\":\"#BF1B00\",\"kernel drops: Sum of stats.capture.kernel_packets_delta\":\"#508642\",\"Sum of stats.capture.kernel_packets_delta\":\"#3F6833\"}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: stats\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-memuse-Deltas.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-memuse-Deltas\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.dns.memuse_delta\"}},{\"id\":\"2\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.http.memuse_delta\"}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.flow.memuse_delta\"}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.memuse_delta\"}},{\"id\":\"5\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.reassembly_memuse_delta\"}},{\"id\":\"6\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}","description":"","title":"SN Stats-memuse-Deltas","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN TLS-transactions-table.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"7\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"6\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"8\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.subject.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN TLS transactions table","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-tls-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Alerts-details.json: -------------------------------------------------------------------------------- 1 | 
{"visState":"{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"6\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"7\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.severity\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"8\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.category.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Alerts details","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-Memcap-Deltas.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN 
Stats-Memcap-Deltas\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.dns.memcap_global_delta\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.dns.memcap_state_delta\"}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.flow.memcap_delta\"}},{\"id\":\"5\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.http.memcap_delta\"}},{\"id\":\"6\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.segment_memcap_drop_delta\"}},{\"id\":\"7\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.tcp.ssn_memcap_drop_delta\"}}],\"listeners\":{}}","description":"","title":"SN Stats-Memcap-Deltas","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type: stats\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN FILE-Transactions.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN FILE-Transactions","uiStateJSON":"{}","panelsJSON":"[{\"id\":\"SN FILE-ByProtoByHostnameServed\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":9},{\"id\":\"SN 
FILE-ByTypeOverTime\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":9},{\"id\":\"SN FILE-GeoIPPDFAndExecutables\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":12,\"size_y\":8,\"col\":1,\"row\":1},{\"id\":\"SN FILE-Top20DestIP\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":3,\"size_y\":4,\"col\":4,\"row\":13},{\"id\":\"SN FILE-Top20DestPort\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":13},{\"id\":\"SN FILE-Top20SrcIP\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":3,\"size_y\":4,\"col\":1,\"row\":13},{\"id\":\"SN FILE-Top20SrcPort\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":13},{\"id\":\"SN FILE-EventsList\",\"type\":\"search\",\"panelIndex\":12,\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":17,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"fileinfo.type\",\"fileinfo.size\",\"fileinfo.filename\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN FILE-GeoIPPDFAndExecutables.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN FILE-GeoIPPDFAndExecutables\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps 
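provided by USGS\",\"styles\":\"\"}},\"spyPerPage\":10},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"mapZoom\":2,\"mapCenter\":[14.604847155053898,0],\"precision\":2}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"split\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"fileinfo.type:\\\"executable\\\"\",\"analyze_wildcard\":true}}},\"label\":\"Executables\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"fileinfo.type:\\\"PDF\\\"\",\"analyze_wildcard\":true}}},\"label\":\"PDF\"}],\"row\":true}}],\"listeners\":{}}","description":"","title":"SN FILE-GeoIPPDFAndExecutables","uiStateJSON":"{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"query\":\"fileinfo.type:*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /tools/index-merge.py: --------------------------------------------------------------------------------
#!/usr/bin/python2
"""Merge the field lists of two exported Kibana index-pattern documents.

Usage: index-merge.py index1.json index2.json

Both arguments are Kibana saved index-pattern documents whose "fields" entry
is a JSON-encoded list of field descriptors.  Every field of index1 that
index2 does not already have (matched by name) is appended to index2, and the
merged index2 document is printed on stdout; progress messages go to stderr.
"""
from __future__ import print_function

import sys
import json
from copy import copy

if len(sys.argv) != 3:
    print('Syntax: %s [index1.json] [index2.json]' % sys.argv[0], file=sys.stderr)
    sys.exit(1)


class KibanaIndex(object):
    """A Kibana index-pattern document loaded from a JSON file."""

    def __init__(self, filename):
        """Load `filename` and decode its nested "fields" list.

        Raises IOError/OSError if the file cannot be read, ValueError if it
        is not valid JSON and KeyError if the "fields" entry is missing.
        """
        self.filename = filename
        # "with" closes the file even if json.loads() below raises.
        with open(filename, 'r') as fh:
            raw = fh.read()
        self.data = json.loads(raw)
        # Kibana stores "fields" as a JSON string inside the document.
        self.fields = json.loads(self.data['fields'])
        # Parallel list of names, used for duplicate detection in merge().
        self.fields_name = [field['name'] for field in self.fields]

    def title(self):
        """Return the document's "title" entry."""
        return self.data['title']

    def merge(self, other):
        """Append every field of `other` whose name this index lacks.

        Fields already present (by name) are left untouched, so this
        index's definition wins.  Each added field is reported on stderr.
        """
        for field in other.fields:
            if field['name'] in self.fields_name:
                continue
            print('New field: %s' % field['name'], file=sys.stderr)
            self.fields.append(field)
            self.fields_name.append(field['name'])

    def show(self):
        """Print the document on stdout with the merged fields re-encoded.

        A shallow copy is printed so that self.data keeps its original
        "fields" string.
        """
        fields = json.dumps(self.fields, separators=(',', ':'))
        data = copy(self.data)
        data['fields'] = fields
        print(json.dumps(data, separators=(',', ':')))


kib1 = KibanaIndex(sys.argv[1])
kib2 = KibanaIndex(sys.argv[2])

print('%s : %s %i' % (kib1.filename, kib1.title(), len(kib1.fields)), file=sys.stderr)
print('%s : %s %i' % (kib2.filename, kib2.title(), len(kib2.fields)), file=sys.stderr)
kib2.merge(kib1)
print('%s : %s %i' % (kib2.filename, kib2.title(), len(kib2.fields)), file=sys.stderr)
kib2.show()
-------------------------------------------------------------------------------- /dashboards/visualization/SN Alert-ByExtraInfoType.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Alert-ByExtraInfoType\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"_exists_:ssh\",\"analyze_wildcard\":true}}},\"label\":\"SSH-Alert\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"_exists_:smtp\",\"analyze_wildcard\":true}}},\"label\":\"SMTP-Alert\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"_exists_:http\",\"analyze_wildcard\":true}}},\"label\":\"HTTP-Alert\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"_exists_:tls\",\"analyze_wildcard\":true}}},\"label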
\":\"TLS-Alert\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"-_exists_:ssh -_exists_:smtp -_exists_:http -_exists_:tls\",\"analyze_wildcard\":true}}},\"label\":\"AnyOther-Alert\"}]}}],\"listeners\":{}}","description":"","title":"SN Alert-ByExtraInfoType","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-alert-*\",\"query\":{\"query_string\":{\"query\":\"event_type: alert\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN SSH-Transaction-Details.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"7\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"8\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.proto_version.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"6\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"9\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.serve
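r.proto_version.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN SSH Transaction Details","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-ssh-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /load.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Load the Kibana index patterns, searches, visualizations, dashboards and
# config from ./dashboards into the .kibana index of an Elasticsearch node.
#
# Usage: load.sh [ELASTICSEARCH_URL] [USER:PASSWORD]
#   $1  Elasticsearch base URL (default http://127.0.0.1:9200)
#   $2  optional "user:password" used for HTTP authentication
#
# Every upload runs curl with --fail: without it curl exits 0 on an HTTP
# 4xx/5xx response, so the "|| exit 1" guards would never fire and a
# half-loaded .kibana index would be reported as success.
set -e

cd "$(dirname "$0")"

# Strip the .json suffix and percent-encode spaces so that the base name can
# be used as the saved-object id in the request URL.
function get_name()
{
    basename "$1" .json | sed -e 's/ /%20/g'
}

if [ -z "$1" ]; then
    ELASTICSEARCH=http://127.0.0.1:9200
else
    ELASTICSEARCH=$1
fi

# The credential is written to a private curl config file (mktemp creates it
# mode 0600) and passed with -K instead of --user, so it appears neither in
# the argv of the curl processes (readable by every local user via ps) nor in
# the "set -x" trace below.  This block deliberately runs before "set -x".
CURL=(curl --fail)
if [ -n "$2" ]; then
    CURL_CONFIG="$(mktemp)"
    trap 'rm -f "$CURL_CONFIG"' EXIT
    # The value is double-quoted in the config file, so backslash and double
    # quote inside the credential must be backslash-escaped.
    cred=${2//\\/\\\\}
    cred=${cred//\"/\\\"}
    printf 'user = "%s"\n' "$cred" > "$CURL_CONFIG"
    CURL+=(-K "$CURL_CONFIG")
fi

set -x

echo "${CURL[@]}"
DIR=dashboards

echo "Cleaning elasticsearch's kibana data"
"${CURL[@]}" -XDELETE "$ELASTICSEARCH/.kibana/" ||:

# load_objects TYPE METHOD LABEL: upload every $DIR/TYPE/*.json as a saved
# object of that type, with METHOD (POST or PUT) as the HTTP verb and LABEL
# as the human-readable name used in progress messages.
load_objects()
{
    local type=$1 method=$2 label=$3 file name
    for file in "$DIR/$type"/*.json
    do
        # An unmatched glob is passed through literally; skip it.
        [ -e "$file" ] || continue
        name="$(get_name "$file")"
        echo "Loading $label $name:"

        "${CURL[@]}" -X"$method" "$ELASTICSEARCH/.kibana/$type/$name" \
            -H 'Content-Type: application/json' \
            -d "@$file" || exit 1
        echo
    done
}

load_objects index-pattern POST "index pattern"
load_objects search PUT search
load_objects visualization PUT visualization
load_objects dashboard PUT dashboard

echo "Loading config:"
"${CURL[@]}" -XPOST "$ELASTICSEARCH/.kibana/config/4.3.1" \
    -H 'Content-Type: application/json' \
    -d @dashboards/config.json || exit 1
-------------------------------------------------------------------------------- /dashboards/visualization/SN Stats-Decoder-Deltas.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN Stats-Decoder-Deltas\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.capture.kernel_drops_delta\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"stats.capture.kernel_drops_delta: *\",\"analyze_wildcard\":true}}},\"label\":\"kernel drops\"}]}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"stats.capture.kernel_packets_delta\"}},{\"id\":\"5\",\"type\":\"filters\",\"schema\":\"split\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"stats.capture.kernel_packets_delta: *\",\"analyze_wildcard\":true}}},\"label\":\"kernel packets\"}],\"row\":true}}],\"listeners\":{}}","description":"","title":"SN Stats-Decoder-Deltas","uiStateJSON":"{\"vis\":{\"colors\":{\"kernel drops: Sum of stats.capture.kernel_drops_delta\":\"#BF1B00\",\"kernel drops: Sum of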
stats.capture.kernel_packets_delta\":\"#508642\"}}}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type: stats\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN TLS.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN TLS","uiStateJSON":"{\"P-5\":{\"vis\":{\"legendOpen\":false}}}","panelsJSON":"[{\"id\":\"SN TLS-ByIssuerdn\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":12},{\"id\":\"SN TLS-BySni\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":6,\"size_y\":6,\"col\":4,\"row\":9},{\"id\":\"SN TLS-BySubject\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":12},{\"id\":\"SN TLS-ByVersionBySni\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":6,\"size_y\":6,\"col\":7,\"row\":15},{\"id\":\"SN TLS-EventsOverTime\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":6,\"size_y\":3,\"col\":4,\"row\":6},{\"id\":\"SN TLS-GeoIP\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":1},{\"id\":\"SN TLS-Top20DestIP\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":6},{\"id\":\"SN TLS-Top20DestPort\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":9},{\"id\":\"SN TLS-Top20SrcIP\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":6},{\"id\":\"SN TLS-Top20SrcPort\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":9},{\"id\":\"SN 
TLS-EventsList\",\"type\":\"search\",\"panelIndex\":11,\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":15,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"tls.version\",\"tls.sni\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN HTTP-transactions-details.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"6\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"8\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"9\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.url.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"10\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"11\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\"
:{\"field\":\"http.length\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"12\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_content_type.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN HTTP transactions details","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-http-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN VLAN.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN VLAN","uiStateJSON":"{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"P-3\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}}","panelsJSON":"[{\"id\":\"SN Alert-ByVLANID\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":1},{\"id\":\"SN Alert-ByVLANIDTop20\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":9},{\"id\":\"SN SMTP-Top20VLAN\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":13},{\"id\":\"SN SMTP-Top20VLANsOverTime\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":9},{\"id\":\"SN PerVLAN-ALERTEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1},{\"id\":\"SN PerVLAN-DNSEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":17},{\"id\":\"SN PerVLAN-FILETransEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":17},{\"id\":\"SN PerVLAN-HTTPEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":5},{\"id\":\"SN 
PerVLAN-SMTPEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":5},{\"id\":\"SN PerVLAN-SSHEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":13},{\"id\":\"SN PerVLAN-TLSEventsOverTime\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":21}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/visualization/SN Files-informations-details.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"fileinfo.size\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"9\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"10\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"8\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"app_proto.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"11\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"12\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"b
ucket\",\"params\":{\"field\":\"fileinfo.filename.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fileinfo.magic.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fileinfo.md5.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","description":"","title":"SN Files informations details","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-fileinfo-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN SSH.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN SSH","uiStateJSON":"{\"P-6\":{\"vis\":{\"legendOpen\":false}}}","panelsJSON":"[{\"id\":\"SN SSH-ByClientProtoVer\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":9},{\"id\":\"SN SSH-ByClientSoftwareVer\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":3,\"size_y\":3,\"col\":4,\"row\":7},{\"id\":\"SN SSH-ByServerProtoVer\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":9},{\"id\":\"SN SSH-ByServerSoftwareVer\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":7},{\"id\":\"SN SSH-EventsOverTime\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":10},{\"id\":\"SN SSH-GeoIP\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":1},{\"id\":\"SN SSH-Top20DestIP\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":11},{\"id\":\"SN 
SSH-Top20DestPort\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":7},{\"id\":\"SN SSH-Top20SrcIP\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":11},{\"id\":\"SN SSH-Top20SrcPort\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":7},{\"id\":\"SN SSH-EventsList\",\"type\":\"search\",\"panelIndex\":12,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":14,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"ssh.server.proto_version\",\"ssh.server.software_version\",\"ssh.client.software_version\",\"ssh.client.proto_version\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN ALL.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN ALL","uiStateJSON":"{\"P-10\":{\"vis\":{\"legendOpen\":false}},\"P-23\":{\"vis\":{\"colors\":{\"Count\":\"#1F78C1\"},\"legendOpen\":false}},\"P-2\":{\"vis\":{\"legendOpen\":false}},\"P-25\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}}","panelsJSON":"[{\"id\":\"SN Alert-Count\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":4},{\"id\":\"SN DNS-DnsOverTime\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":12},{\"id\":\"SN Alert-ByExtraInfoType\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":4},{\"id\":\"SN Alert-Top20Signatures\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":8},{\"id\":\"SN 
FILE-EventsOverTime\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":8},{\"id\":\"SN SMTP-SmtpOverTime\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":12},{\"id\":\"SN SSH-EventsOverTime\",\"type\":\"visualization\",\"panelIndex\":12,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":16},{\"id\":\"SN Proto-app_proto\",\"type\":\"visualization\",\"panelIndex\":21,\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":8},{\"id\":\"SN TLS-EventsOverTime\",\"type\":\"visualization\",\"panelIndex\":23,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":16},{\"id\":\"SN EventTypeOverTimeAll\",\"type\":\"visualization\",\"panelIndex\":25,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"SN ALL-EventsList\",\"type\":\"search\",\"panelIndex\":26,\"size_x\":12,\"size_y\":4,\"col\":1,\"row\":24,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | =============================== 2 | Kibana 4 Templates for Suricata 3 | =============================== 4 | 5 | Templates/Dashboards for Kibana 4 to use with Suricata IDPS and the ELK stack 6 | 7 | This repository provides 11 templates for the Kibana 4.4 and Elasticsearch 2.x 8 | for use with Suricata IDS/IPS - Intrusion Detection and Prevention System. 9 | 10 | These dashboards are for use with Suricata and ELK - Elasticsearch, Logstash, 11 | Kibana and comprise of more than 140 visualizations and 11 searches. 
12 | 13 | The dashboards are: 14 | 15 | - ALL 16 | - ALERTS 17 | - DNS 18 | - FILE Transactions 19 | - FLOW 20 | - HTTP 21 | - SMTP 22 | - SSH 23 | - TLS 24 | - VLAN 25 | - STATS 26 | 27 | How to use 28 | ========== 29 | 30 | :: 31 | 32 | apt-get install git-core 33 | git clone https://github.com/StamusNetworks/KTS.git 34 | cd KTS 35 | 36 | Kibana 4.4.x needs to be patched in order to load the templates. 37 | If you have installed Kibana in ``/opt/kibana``, for example: :: 38 | 39 | patch -p1 -d /opt/kibana/ < full/path/to/KTS/patches/kibana-integer.patch 40 | patch -p1 -d /opt/kibana/ < full/path/to/KTS/patches/timelion-integer.patch 41 | 42 | **NOTE:** Loading the dashboards will **delete and replace** any previously existing templates/visualizations! 43 | 44 | Load the dashboards: :: 45 | 46 | ./load.sh 47 | 48 | Open the dashboards in Kibana 49 | 50 | - Open your Kibana web interface (ip.ip.ip.ip:5601) and select the default index 51 | - In the upper right corner, Load -> Choose the desired dashboard 52 | - Load the desired template(s) 53 | 54 | **NOTE:** 55 | In order to use the full HTTP logging dashboard template you need to set up Suricata as 56 | explained here - http://www.pevma.blogspot.se/2014/06/http-header-fields-extended-logging.html 57 | 58 | **NOTE:** 59 | If the traffic you are inspecting contains VLANs, then in order to use the VLAN template make sure you have enabled VLAN tracking in ``suricata.yaml``: 60 | 61 | vlan: 62 | use-for-tracking: true 63 | 64 | **NOTE:** 65 | For the best user experience, use a 1680 x 1050 screen resolution! 66 | 67 | Do not hesitate to test, give feedback and contribute! 
68 | -------------------------------------------------------------------------------- /dashboards/dashboard/SN SMTP.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN SMTP","uiStateJSON":"{\"P-12\":{\"vis\":{\"legendOpen\":false}},\"P-11\":{\"vis\":{\"legendOpen\":false}}}","panelsJSON":"[{\"id\":\"SN SMTP-AttachmentsExtension\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":7},{\"id\":\"SN SMTP-GeoIP\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":1},{\"id\":\"SN SMTP-SmtpOverTime\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":7},{\"id\":\"SN SMTP-Top20DestIP\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":3,\"size_y\":4,\"col\":4,\"row\":11},{\"id\":\"SN SMTP-Top20DestPort\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":11},{\"id\":\"SN SMTP-Top20MailApplications\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":19},{\"id\":\"SN SMTP-Top20MailOrganisations\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":3,\"size_y\":4,\"col\":7,\"row\":19},{\"id\":\"SN SMTP-Top20MailSendingIPs\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":19},{\"id\":\"SN SMTP-Top20SrcIP\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":3,\"size_y\":4,\"col\":1,\"row\":11},{\"id\":\"SN SMTP-Top20SrcPort\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":3,\"size_y\":4,\"col\":10,\"row\":11},{\"id\":\"SN SMTP-Top20mail_from\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":15},{\"id\":\"SN SMTP-Top20rcpt_to\",\"type\":\"visualization\",\"panelIndex\":12,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":15},{\"id\":\"SN 
SMTP-EventsList\",\"type\":\"search\",\"panelIndex\":13,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":23,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"email.user_agent\",\"email.attachment\",\"email.x_originating_ip\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN DNS.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN DNS","uiStateJSON":"{\"P-2\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}},\"P-3\":{\"vis\":{\"legendOpen\":false}}}","panelsJSON":"[{\"id\":\"SN DNS-ByProto\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":3,\"size_y\":3,\"col\":4,\"row\":13},{\"id\":\"SN DNS-ByTtl\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":6},{\"id\":\"SN DNS-DnsOverTime\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":6},{\"id\":\"SN DNS-Rcode\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":13},{\"id\":\"SN DNS-Rdata\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":16},{\"id\":\"SN DNS-Rrname\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":16},{\"id\":\"SN DNS-Rrtype\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":13},{\"id\":\"SN DNS-Top20DestIP\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":10},{\"id\":\"SN 
DNS-Top20DestPort\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":10},{\"id\":\"SN DNS-Top20SrcIP\",\"type\":\"visualization\",\"panelIndex\":12,\"size_x\":3,\"size_y\":3,\"col\":4,\"row\":10},{\"id\":\"SN DNS-Top20SrcPort\",\"type\":\"visualization\",\"panelIndex\":13,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":10},{\"id\":\"SN DNS-Type\",\"type\":\"visualization\",\"panelIndex\":14,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":13},{\"id\":\"SN DNS-GeoIP\",\"type\":\"visualization\",\"panelIndex\":15,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":1},{\"id\":\"SN DNS-EventsList\",\"type\":\"search\",\"panelIndex\":16,\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":19,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"dns.rrname\",\"dns.rrtype\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN STATS.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN STATS","uiStateJSON":"{\"P-9\":{\"vis\":{\"colors\":{\"kernel drops: Sum of stats.capture.kernel_drops_delta\":\"#BF1B00\",\"kernel drops: Sum of stats.capture.kernel_packets_delta\":\"#508642\",\"Sum of stats.capture.kernel_packets_delta\":\"#1F78C1\",\"Sum of stats.capture.kernel_drops_delta\":\"#BF1B00\"}}}}","panelsJSON":"[{\"col\":1,\"id\":\"SN Stats-CapturedPktsVsGaps\",\"panelIndex\":1,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN Stats-DecoderAvgMaxPktSize\",\"panelIndex\":3,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN 
Stats-DecoderBytes-Packets\",\"panelIndex\":4,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN Stats-DecoderProto-Deltas\",\"panelIndex\":5,\"row\":13,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN Stats-EmergencyMode\",\"panelIndex\":6,\"row\":17,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN Stats-Frags\",\"panelIndex\":7,\"row\":20,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN Stats-Frags-Deltas\",\"panelIndex\":8,\"row\":20,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN Stats-KernelPacketsAndDrops-Deltas\",\"panelIndex\":9,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN Stats-Memcap-Deltas\",\"panelIndex\":10,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN Stats-TotalKernelPackets\",\"panelIndex\":11,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN Stats-ipv4-ipv6-fragments\",\"panelIndex\":12,\"row\":17,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN Stats-memuse-Deltas\",\"panelIndex\":13,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"SN STATS-EventsList\",\"type\":\"search\",\"panelIndex\":14,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":23,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":true}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"}} -------------------------------------------------------------------------------- /patches/kibana-integer.patch: -------------------------------------------------------------------------------- 1 | diff -u -r kibana-4.3.1-linux-x64/src/plugins/kibana/public/dashboard/services/_saved_dashboard.js 
kibana-4.3.1-linux-x64-1/src/plugins/kibana/public/dashboard/services/_saved_dashboard.js
2 | --- kibana-4.3.1-linux-x64/src/plugins/kibana/public/dashboard/services/_saved_dashboard.js 2015-12-09 23:45:50.000000000 +0100
3 | +++ kibana-4.3.1-linux-x64-1/src/plugins/kibana/public/dashboard/services/_saved_dashboard.js 2016-01-26 11:09:49.077222990 +0100
4 | @@ -47,12 +47,12 @@
5 | // if type:dashboard has no mapping, we push this mapping into ES
6 | SavedDashboard.mapping = {
7 | title: 'string',
8 | - hits: 'integer',
9 | + hits: 'long',
10 | description: 'string',
11 | panelsJSON: 'string',
12 | optionsJSON: 'string',
13 | uiStateJSON: 'string',
14 | - version: 'integer',
15 | + version: 'long',
16 | timeRestore: 'boolean',
17 | timeTo: 'string',
18 | timeFrom: 'string',
19 | diff -u -r kibana-4.3.1-linux-x64/src/plugins/kibana/public/discover/saved_searches/_saved_search.js kibana-4.3.1-linux-x64-1/src/plugins/kibana/public/discover/saved_searches/_saved_search.js
20 | --- kibana-4.3.1-linux-x64/src/plugins/kibana/public/discover/saved_searches/_saved_search.js 2015-12-09 23:45:50.000000000 +0100
21 | +++ kibana-4.3.1-linux-x64-1/src/plugins/kibana/public/discover/saved_searches/_saved_search.js 2016-01-26 11:09:49.073223098 +0100
22 | 
@@ -33,10 +33,10 @@
23 | SavedSearch.mapping = {
24 | title: 'string',
25 | description: 'string',
26 | - hits: 'integer',
27 | + hits: 'long',
28 | columns: 'string',
29 | sort: 'string',
30 | - version: 'integer'
31 | + version: 'long'
32 | };
33 | 
34 | SavedSearch.searchSource = true;
35 | diff -u -r kibana-4.3.1-linux-x64/src/plugins/kibana/public/visualize/saved_visualizations/_saved_vis.js kibana-4.3.1-linux-x64-1/src/plugins/kibana/public/visualize/saved_visualizations/_saved_vis.js
36 | --- kibana-4.3.1-linux-x64/src/plugins/kibana/public/visualize/saved_visualizations/_saved_vis.js 2015-12-09 23:45:50.000000000 +0100
37 | +++ kibana-4.3.1-linux-x64-1/src/plugins/kibana/public/visualize/saved_visualizations/_saved_vis.js 2016-01-26 11:09:49.077222990 +0100
38 | 
@@ -48,7 +48,7 @@ 39 | uiStateJSON: 'string', 40 | description: 'string', 41 | savedSearchId: 'string', 42 | - version: 'integer' 43 | + version: 'long' 44 | }; 45 | 46 | SavedVis.searchSource = true; 47 | -------------------------------------------------------------------------------- /dashboards/visualization/SN SMTP-AttachmentsExtension.json: -------------------------------------------------------------------------------- 1 | {"visState":"{\"title\":\"SN SMTP-AttachmentsType\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"email.attachment:\\\"*.pdf\\\"\",\"analyze_wildcard\":true}}},\"label\":\"PDF-Attachments\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"email.attachment:\\\"*.doc\\\" OR email.attachment:\\\"*.docx\\\"\",\"analyze_wildcard\":true}}},\"label\":\"Word-Attachments\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"email.attachment:\\\"*.xls\\\" OR email.attachment:\\\"*.xlsx\\\"\",\"analyze_wildcard\":true}}},\"label\":\"Excel-Attachments\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"email.attachment:\\\"*.ppt\\\" OR email.attachment:\\\"*.pptx\\\"\",\"analyze_wildcard\":true}}},\"label\":\"PPT-Attachments\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"email.attachment:\\\"*.exe\\\" OR smtp.attachment:\\\"*.com\\\" OR 
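Review bot: The patch headers and file paths in all three hunks (this one and the two for `_saved_dashboard.js` and `_saved_search.js` on the preceding lines) target kibana-4.3.1 sources, while the README instructs users to apply the patch to a Kibana 4.4.x install with `patch -p1 -d /opt/kibana/`; if the mapping blocks moved between those releases the hunks apply with an offset or are rejected, and a rejected hunk silently leaves `version`/`hits` mapped as `integer`, which is presumably the very condition that stops the templates loading. The `SavedVis.mapping = {` opening that this hunk edits starts outside the hunk, so the context lines alone cannot confirm the block is the same in 4.4.x. Stating the release the patch was generated against and telling users to verify before applying would make the README procedure checkable; a one-line README addition such as `The patches were generated against Kibana 4.3.1 sources; run patch with --dry-run first to confirm all hunks apply cleanly to your install.` would do.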
email.attachment:\\\"*.dll\\\" OR email.attachment:\\\"*.msi\\\" OR email.attachment:\\\"*.msp\\\" OR email.attachment:\\\"*.jar\\\" OR email.attachment:\\\"*.bin\\\"\",\"analyze_wildcard\":true}}},\"label\":\"Executables-Attachments\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"email.attachment:\\\"*.sh\\\" OR email.attachment:\\\"*.bat\\\" OR email.attachment:\\\"*.cmd\\\" OR email.attachment:\\\"*.vbs\\\" OR email.attachment:\\\"*.vb\\\" OR email.attachment:\\\"*.js\\\" OR email.attachment:\\\"*.ps1\\\" OR email.attachment:\\\"*.ps2\\\" OR email.attachment:\\\"*.csh\\\" OR email.attachment:\\\"*.ksh\\\" OR email.attachment:\\\"*.rgs\\\"\",\"analyze_wildcard\":true}}},\"label\":\"ShellScripts-Attachments\"}]}}],\"listeners\":{}}","description":"","title":"SN SMTP-AttachmentsExtension","uiStateJSON":"{}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"logstash-smtp-*\",\"query\":{\"query_string\":{\"query\":\"event_type: smtp\",\"analyze_wildcard\":true}},\"filter\":[]}"}} -------------------------------------------------------------------------------- /dashboards/dashboard/SN HTTP.json: -------------------------------------------------------------------------------- 1 | {"hits":0,"timeFrom":"now-24h","timeRestore":true,"description":"","title":"SN HTTP","uiStateJSON":"{\"P-1\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}},\"P-2\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}},\"P-4\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}},\"P-6\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"vis\":{\"legendOpen\":false}},\"P-9\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}}}","panelsJSON":"[{\"col\":1,\"id\":\"SN HTTP-AcceptEncoding\",\"panelIndex\":1,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"SN HTTP-AcceptEncodingByConnection\",\"panelIndex\":2,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN 
HTTP-CacheControl\",\"panelIndex\":4,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"SN HTTP-ContentTypeByAplication\",\"panelIndex\":5,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN HTTP-EventsOverTime\",\"panelIndex\":6,\"row\":13,\"size_x\":7,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN HTTP-GeoIP\",\"panelIndex\":7,\"row\":1,\"size_x\":12,\"size_y\":6,\"type\":\"visualization\"},{\"col\":8,\"id\":\"SN HTTP-Servers\",\"panelIndex\":8,\"row\":13,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN HTTP-StatusCode\",\"panelIndex\":9,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"SN HTTP-UserAgentDevices\",\"panelIndex\":11,\"row\":17,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":10,\"id\":\"SN HTTP-UserAgentMajor\",\"panelIndex\":12,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"SN HTTP-UserAgentName\",\"panelIndex\":14,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"SN HTTP-UserAgentOS\",\"panelIndex\":15,\"row\":17,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"SN HTTP-UserAgentOSName\",\"panelIndex\":16,\"row\":17,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"SN HTTP-Vary\",\"panelIndex\":18,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"SN 
HTTP-EventsList\",\"type\":\"search\",\"panelIndex\":19,\"size_x\":12,\"size_y\":6,\"col\":1,\"row\":21,\"columns\":[\"event_type\",\"src_ip\",\"src_port\",\"proto\",\"dest_ip\",\"dest_port\",\"http.http_method\",\"http.hostname\",\"http.status\",\"http.protocol\",\"http.server\"],\"sort\":[\"@timestamp\",\"desc\"]}]","timeTo":"now","optionsJSON":"{\"darkTheme\":false}","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"}} --------------------------------------------------------------------------------