[ { "_id": "Metron-Dashboard", "_type": "dashboard", "_source": { "hits": 0, "timeRestore": false, "description": "", "title": "Metron Dashboard", "uiStateJSON": "{\"P-23\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}},\"P-34\":{\"vis\":{\"legendOpen\":false}}}", "panelsJSON": "[{\"col\":1,\"id\":\"Welcome\",\"panelIndex\":30,\"row\":1,\"size_x\":11,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Total-Events\",\"panelIndex\":6,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Events\",\"panelIndex\":16,\"row\":3,\"size_x\":8,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Event-Types\",\"panelIndex\":15,\"row\":5,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Location-Header\",\"panelIndex\":24,\"row\":7,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Unique-Location(s)\",\"panelIndex\":23,\"row\":9,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Flow-Locations\",\"panelIndex\":32,\"row\":7,\"size_x\":8,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Country\",\"panelIndex\":8,\"row\":11,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"YAF-Flows-Header\",\"panelIndex\":27,\"row\":13,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"YAF-Flow(s)\",\"panelIndex\":21,\"row\":15,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"columns\":[\"ip_src_addr\",\"ip_src_port\",\"ip_dst_addr\",\"ip_dst_port\",\"protocol\",\"duration\",\"pkt\"],\"id\":\"yaf-search\",\"panelIndex\":20,\"row\":13,\"size_x\":8,\"size_y\":6,\"sort\":[\"duration\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Flow-Duration\",\"panelIndex\":31,\"row\":17,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Snort-Header\",\"panelIndex\":25,\"row\":19,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"columns\":[\"msg\",\"sig_id\",\"ip_src_ad
dr\",\"ip_src_port\",\"ip_dst_addr\",\"ip_dst_port\"],\"id\":\"snort-search\",\"panelIndex\":3,\"row\":19,\"size_x\":8,\"size_y\":6,\"sort\":[\"timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Snort-Alert-Types\",\"panelIndex\":10,\"row\":21,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Alerts-By-Host\",\"panelIndex\":19,\"row\":23,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Web-Request-Header\",\"panelIndex\":26,\"row\":25,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"columns\":[\"method\",\"host\",\"uri\",\"referrer\",\"user_agent\",\"ip_src_addr\",\"ip_dst_addr\"],\"id\":\"web-search\",\"panelIndex\":4,\"row\":25,\"size_x\":8,\"size_y\":6,\"sort\":[\"timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"HTTP(S)-Requests\",\"panelIndex\":17,\"row\":27,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Requests-Header\",\"panelIndex\":29,\"row\":31,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"columns\":[\"query\",\"qtype_name\",\"answers\",\"ip_src_addr\",\"ip_dst_addr\"],\"id\":\"dns-search\",\"panelIndex\":5,\"row\":31,\"size_x\":8,\"size_y\":6,\"sort\":[\"timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"DNS-Request(s)\",\"panelIndex\":14,\"row\":33,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Web-Request-Type\",\"panelIndex\":33,\"row\":29,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"}]", "optionsJSON": "{\"darkTheme\":false}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" } } }, { "_id": "Metron-Error-Dashboard", "_type": "dashboard", "_source": { "hits": 0, "timeRestore": false, "description": "", "title": "Metron Error Dashboard", "uiStateJSON": 
"{\"P-2\":{\"vis\":{\"legendOpen\":true}},\"P-23\":{\"vis\":{\"colors\":{\"amb3.service.consul\":\"#629E51\",\"host\":\"#629E51\",\"host2\":\"#9AC48A\",\"hostAnother\":\"#7EB26D\",\"hostNew\":\"#B7DBAB\"}}},\"P-3\":{\"vis\":{\"colors\":{\"fourth\":\"#1F78C1\",\"new_error\":\"#BADFF4\",\"test_error\":\"#82B5D8\"}}},\"P-5\":{\"vis\":{\"colors\":{\"another_new_parser_error\":\"#806EB7\",\"new_parser_error\":\"#AEA2E0\",\"parser_error\":\"#614D93\"}}}}", "panelsJSON": "[{\"col\":5,\"id\":\"Errors-By-Error-Type\",\"panelIndex\":2,\"row\":9,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Error-Source-Proportion\",\"panelIndex\":3,\"row\":9,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Errors-By-Source-Type\",\"panelIndex\":4,\"row\":12,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Error-Type-Proportion\",\"panelIndex\":5,\"row\":12,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":8,\"id\":\"Unique-Error-Messages\",\"panelIndex\":19,\"row\":1,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"Total-Error-Messages\",\"panelIndex\":20,\"row\":1,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Errors-By-Hostname\",\"panelIndex\":22,\"row\":15,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Error-Hostname-Proportion\",\"panelIndex\":23,\"row\":15,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"failed_sensor_type\",\"error_type\",\"exception\",\"hostname\",\"message\",\"raw_message\",\"error_hash\"],\"id\":\"Errors\",\"panelIndex\":25,\"row\":18,\"size_x\":12,\"size_y\":7,\"sort\":[\"timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Error-Histogram-By-Sensor-Type\",\"panelIndex\":27,\"row\":3,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Unique-Error-Histogram-By-Sensor-Type\",\"type\":\"visualization\",\"panelIndex\":28,\"size_x\":12,\"size_y\":3,
\"col\":1,\"row\":6}]", "optionsJSON": "{\"darkTheme\":false}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" } } }, { "_id": "snort-search", "_type": "search", "_source": { "sort": [ "timestamp", "desc" ], "hits": 0, "description": "", "title": "Snort Alerts", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"snort*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" }, "columns": [ "msg", "sig_id", "ip_src_addr", "ip_src_port", "ip_dst_addr", "ip_dst_port" ] } }, { "_id": "yaf-search", "_type": "search", "_source": { "sort": [ "timestamp", "desc" ], "hits": 0, "description": "", "title": "YAF", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"yaf*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}" }, "columns": [ "ip_src_addr", "ip_src_port", "ip_dst_addr", "ip_dst_port", "protocol", "duration", "pkt" ] } }, { "_id": "Errors", "_type": "search", "_source": { "sort": [ "timestamp", "desc" ], "hits": 0, "description": "", "title": "Errors", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"error*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" }, "columns": [ "failed_sensor_type", "error_type", 
"exception", "hostname", "message", "raw_message", "error_hash" ] } }, { "_id": "web-search", "_type": "search", "_source": { "sort": [ "timestamp", "desc" ], "hits": 0, "description": "", "title": "Web Requests", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bro*\",\"query\":{\"query_string\":{\"query\":\"protocol: http OR protocol: https\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" }, "columns": [ "method", "host", "uri", "referrer", "ip_src_addr", "ip_dst_addr" ] } }, { "_id": "dns-search", "_type": "search", "_source": { "sort": [ "timestamp", "desc" ], "hits": 0, "description": "", "title": "DNS Requests", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bro*\",\"query\":{\"query_string\":{\"query\":\"protocol: dns\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" }, "columns": [ "query", "qtype_name", "answers", "ip_src_addr", "ip_dst_addr" ] } }, { "_id": "Welcome", "_type": "visualization", "_source": { "visState": "{\"title\":\"Welcome to Apache Metron\",\"type\":\"markdown\",\"params\":{\"markdown\":\"This dashboard enables the validation of Apache Metron and the end-to-end functioning of its default sensor suite. The default sensor suite includes [Snort](https://www.snort.org/), [Bro](https://www.bro.org/), and [YAF](https://tools.netsa.cert.org/yaf/). One of Apache Metron's primary goals is to simplify the onboarding of additional sources of telemetry. 
In a production deployment these default sensors should be replaced with ones applicable to the target environment.\\n\\nApache Metron enables disparate sources of telemetry to all be viewed under a 'single pane of glass.' Telemetry from each of the default sensors can be searched, aggregated, summarized, and viewed within this dashboard. This dashboard should be used as a springboard upon which to create your own customized dashboards.\\n\\nThe panels below highlight the volume and variety of events that are currently being consumed by Apache Metron.\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Welcome to Apache Metron", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { "_id": "Top-Snort-Alerts-by-Source", "_type": "visualization", "_source": { "visState": "{\"title\":\"Top Snort Alerts by Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}", "description": "", "title": "Top Snort Alerts by Source", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"snort*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Web-Request-Type", "_type": "visualization", "_source": { "visState": "{\"title\":\"Web Request 
Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Web Request Type", "uiStateJSON": "{}", "version": 1, "savedSearchId": "web-search", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "Errors-By-Hostname", "_type": "visualization", "_source": { "visState": "{\n \"title\": \"Errors By Error Type\",\n \"type\": \"histogram\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"defaultYExtents\": false,\n \"mode\": \"grouped\",\n \"scale\": \"linear\",\n \"setYExtents\": false,\n \"shareYAxis\": true,\n \"times\": [],\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {\n \"customLabel\": \"Count\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"4\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"error_hash\",\n \"customLabel\": \"Unique Datapoint Count\"\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "title": "Errors By Hostname", "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"Unique Datapoint Count\": \"#9AC48A\",\n \"Count\": \"#629E51\"\n }\n }\n}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"error*\",\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n },\n \"filter\": []\n}" } } }, { "_id": "Web-Request-Header", "_type": "visualization", "_source": { "visState": "{\"title\":\"Web Request 
Header\",\"type\":\"markdown\",\"params\":{\"markdown\":\"The [Bro Network Security Monitor](https://www.bro.org/) is extracting application-level information from raw network packets. In this example, Bro is extracting HTTP(S) requests being made over the network. \"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Web Request Header", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Error-Type-Proportion", "_type": "visualization", "_source": { "visState": "{\"title\":\"Error Type Proportion\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"error_type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Error Type Proportion", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"error*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Flow-Duration", "_type": "visualization", "_source": { "visState": "{\"title\":\"Flow Duration\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"duration\",\"interval\":10,\"extended_bounds\":{},\"customLabel\":\"Flow Duration (seconds)\"}}],\"listeners\":{}}", "description": "", "title": "Flow Duration", "uiStateJSON": 
"{\"vis\":{\"legendOpen\":false}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"yaf*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Errors-By-Source", "_type": "visualization", "_source": { "visState": "{\"title\":\"Errors By Source\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "description": "", "title": "Errors By Source", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"error*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Events", "_type": "visualization", "_source": { "visState": "{\"title\":\"Events\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source:type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Events", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Error-Hostname-Proportion", "_type": "visualization", "_source": { "visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"customLabel\":\"Sensor\",\"field\":\"hostname\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"shareYAxis\":true},\"title\":\"Error Source Proportion\",\"type\":\"pie\"}", "description": "", "title": "Error Hostname Proportion", "uiStateJSON": "{\"vis\":{\"colors\":{\"host\":\"#629E51\",\"host2\":\"#9AC48A\",\"hostAnother\":\"#7EB26D\",\"hostNew\":\"#B7DBAB\"}}}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"error*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { "_id": "Unique-Error-Messages", "_type": "visualization", "_source": { "visState": "{\n \"title\": \"Total Unique Error Messages\",\n \"type\": \"metric\",\n \"params\": {\n \"handleNoResults\": true,\n \"fontSize\": 60\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"error_hash\",\n \"customLabel\": \"Unique Error Messages\"\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "title": "Unique Error Messages", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"error*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" } } }, { "_id": "Errors-By-Error-Type", "_type": "visualization", "_source": { "visState": "{\n \"title\": \"Errors By Error Type\",\n \"type\": \"histogram\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n 
\"defaultYExtents\": false,\n \"mode\": \"grouped\",\n \"scale\": \"linear\",\n \"setYExtents\": false,\n \"shareYAxis\": true,\n \"times\": [],\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {\n \"customLabel\": \"Count\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"error_type\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"4\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"error_hash\",\n \"customLabel\": \"Unique Datapoint Count\"\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "title": "Errors By Error Type", "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"Unique Datapoint Count\": \"#806EB7\",\n \"Count\": \"#614D93\"\n }\n }\n}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"error*\",\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n },\n \"filter\": []\n}" } } }, { "_id": "Snort-Header", "_type": "visualization", "_source": { "visState": "{\"title\":\"Snort\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Snort](https://www.snort.org/) is a Network Intrusion Detection System (NIDS) that is being used to generate alerts identifying known bad events. 
Snort relies on a fixed set of rules that act as signatures for identifying abnormal events.\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Snort", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "YAF-Flow(s)", "_type": "visualization", "_source": { "visState": "{\"title\":\"YAF Flows\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", "description": "", "title": "YAF Flows", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"yaf*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Top-DNS-Query", "_type": "visualization", "_source": { "visState": "{\"title\":\"Top DNS Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Top DNS Query", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bro*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Event-Types", "_type": "visualization", "_source": { "visState": "{\"title\":\"Event 
Sources\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source:type\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Event Sources", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Total-Events", "_type": "visualization", "_source": { "visState": "{\"title\":\"Event Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}}],\"listeners\":{}}", "description": "", "title": "Event Count", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Unique-Location(s)", "_type": "visualization", "_source": { "visState": "{\"title\":\"Geo-IP Locations\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"enrichments:geo:ip_src_addr:locID\",\"customLabel\":\"Unique Location(s)\"}}],\"listeners\":{}}", "description": "", "title": "Geo-IP Locations", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Top-Alerts-By-Host", "_type": "visualization", "_source": { "visState": "{\"title\":\"Top Alerts By 
Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_src_addr\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", "description": "", "title": "Top Alerts By Host", "uiStateJSON": "{}", "version": 1, "savedSearchId": "snort-search", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "Total-Error-Messages", "_type": "visualization", "_source": { "visState": "{\"title\":\"Total Errored Messages\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Error Messages\"}}],\"listeners\":{}}", "description": "", "title": "Total Error Messages", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"error*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Errors-By-Source-Type", "_type": "visualization", "_source": { "visState": "{\n \"title\": \"Errors By Source Type\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"scale\": \"linear\",\n \"mode\": \"grouped\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {\n \"customLabel\": \"Count\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": 
\"failed_sensor_type\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"4\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"error_hash\",\n \"customLabel\": \"Unique Datapoint Count\"\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "title": "Errors By Source Type", "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"Unique Datapoint Count\": \"#0A50A1\",\n \"Count\": \"#5195CE\"\n }\n }\n}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"error*\",\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n },\n \"filter\": []\n}" } } }, { "_id": "Error-Histogram-By-Sensor-Type", "_type": "visualization", "_source": { "visState": "{\"title\":\"Error Histogram By Sensor Type\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"failed_sensor_type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Error Histogram By Sensor Type", "uiStateJSON": "{}", "version": 1, "savedSearchId": "Errors", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "Location-Header", "_type": "visualization", "_source": { "visState": "{\"title\":\"Enrichment\",\"type\":\"markdown\",\"params\":{\"markdown\":\"Apache Metron can perform real-time enrichment of telemetry data as it is consumed. 
To highlight this feature, all of the IP address fields collected from the default sensor suite were used to perform geo-ip lookups. This data was then used to pinpoint each location on the map.\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Enrichment", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Snort-Alert-Types", "_type": "visualization", "_source": { "visState": "{\"title\":\"Snort Alert Types\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sig_id\",\"customLabel\":\"Alert Type(s)\"}}],\"listeners\":{}}", "description": "", "title": "Snort Alert Types", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"snort*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Frequent-DNS-Queries", "_type": "visualization", "_source": { "visState": "{\"title\":\"Frequent DNS Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Frequent DNS Requests", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bro*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "DNS-Request(s)", "_type": "visualization", "_source": { "visState": "{\"title\":\"DNS 
Requests\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", "description": "", "title": "DNS Requests", "uiStateJSON": "{}", "version": 1, "savedSearchId": "dns-search", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "HTTP(S)-Requests", "_type": "visualization", "_source": { "visState": "{\"title\":\"Web Requests\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", "description": "", "title": "Web Requests", "uiStateJSON": "{}", "version": 1, "savedSearchId": "web-search", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "Errors-Over-Time", "_type": "visualization", "_source": { "visState": "{\n \"title\": \"Error Over Time\",\n \"type\": \"line\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"showCircles\": true,\n \"smoothLines\": false,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": 9,\n \"times\": [],\n \"addTimeMarker\": true,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {\n \"min\": 0\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "title": "Errors Over Time", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"error*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n 
\"filter\": []\n}" } } }, { "_id": "Error-Source-Proportion", "_type": "visualization", "_source": { "visState": "{\n \"title\": \"Sensor Type Proportion\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"failed_sensor_type\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"Sensor\"\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "title": "Error Source Proportion", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"error*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" } } }, { "_id": "Error-Date-Histogram", "_type": "visualization", "_source": { "visState": "{\"title\":\"New Visualization\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}", "description": "", "title": "Error Date Histogram", "uiStateJSON": "{}", "version": 1, "savedSearchId": "Errors", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "DNS-Requests-Header", "_type": "visualization", "_source": { "visState": "{\"aggs\":[],\"listeners\":{},\"params\":{\"markdown\":\"[Bro](https://www.bro.org/) is extracting DNS requests and 
responses being made over the network. Understanding who is making those requests, the frequency, and types can provide a deep understanding of the actors present on the network.\"},\"title\":\"DNS Requests\",\"type\":\"markdown\"}", "description": "", "title": "DNS Requests", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { "_id": "YAF-Flows-Header", "_type": "visualization", "_source": { "visState": "{\"title\":\"YAF\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[YAF](https://tools.netsa.cert.org/yaf/yaf.html) can be used to generate Netflow-like flow records. These flow records provide significant visibility of the actors communicating over the target network.\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "YAF", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { "_id": "Top-5-Exceptions", "_type": "visualization", "_source": { "visState": "{\"title\":\"Top-5 Exceptions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"exception\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Exceptions\"}}],\"listeners\":{}}", "description": "", "title": "Top-5 Exceptions", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"error*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Frequent-DNS-Requests", "_type": "visualization", 
"_source": { "visState": "{\"title\":\"Frequent DNS Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"DNS Query\"}}],\"listeners\":{}}", "description": "", "title": "Frequent DNS Requests", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bro*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Country", "_type": "visualization", "_source": { "visState": "{\"title\":\"By Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"enrichments:geo:ip_src_addr:country\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "By Country", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Top-Destinations", "_type": "visualization", "_source": { "visState": "{\"title\":\"Top Destinations\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip_dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}],\"listeners\":{}}", "description": "", "title": "Top Destinations", "uiStateJSON": "{}", 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Unusual-Referrers", "_type": "visualization", "_source": { "visState": "{\"title\":\"Unusual Referrers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"significant_terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer\",\"size\":5,\"customLabel\":\"Top 5 Unusual Referrers\"}}],\"listeners\":{}}", "description": "", "title": "Unusual Referrers", "uiStateJSON": "{}", "version": 1, "savedSearchId": "web-search", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "Unique-Error-Histogram-By-Sensor-Type", "_type": "visualization", "_source": { "visState": "{\"title\":\"Error Histogram By Sensor Type\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"error_hash\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"failed_sensor_type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "Unique Error Histogram By Sensor Type", "uiStateJSON": "{}", "version": 1, "savedSearchId": "Errors", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "Flow-Locations", "_type": 
"visualization", "_source": { "visState": "{\"title\":\"Flow Locations\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":true,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"enrichments:geo:ip_dst_addr:location_point\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}", "description": "Geohash grid of enriched destination-IP locations across the yaf*, bro* and snort* indices. NOTE: the base map is fetched at view time by each analyst browser from the external USGS WMS endpoint in wms.url (wms.enabled is true). WMS GetMap requests carry the current viewport bounding box, so viewing this panel discloses the approximate regions under investigation to a third party and the map renders blank on hosts without outbound internet access. For isolated or sensitive deployments point wms.url at an internal map server or set wms.enabled to false.", "title": "Flow Locations", "uiStateJSON": "{}", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":[\"yaf*\",\"bro*\",\"snort*\"],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } } ]