From 4a1ae52d98261aa84b81c45e4bf7dc0d401e95bf Mon Sep 17 00:00:00 2001 
From: doug
Date: Sun, 10 Dec 2017 16:45:38 -0500
Subject: [PATCH] rename type to evnt_type and add beats listener
---
 configfiles/0006_input_beats.conf | 10 ++++++++++
 ...nput_import.conf => 0007_input_import.conf} | 0
 configfiles/8999_postprocess_rename_type.conf | 8 ++++++++
 configfiles/9004_output_flow.conf | 4 ++--
 configfiles/9026_output_dhcp.conf | 4 ++--
 configfiles/9029_output_esxi.conf | 4 ++--
 configfiles/9030_output_greensql.conf | 4 ++--
 configfiles/9031_output_iis.conf | 4 ++--
 configfiles/9032_output_mcafee.conf | 4 ++--
 configfiles/9033_output_snort.conf | 4 ++--
 configfiles/9300_output_windows.conf | 4 ++--
 configfiles/9301_output_dns_windows.conf | 4 ++--
 configfiles/9400_output_suricata.conf | 4 ++--
 .../01600fb0-34e4-11e7-9669-7f1d3242b798.json | 4 ++--
 .../022713e0-3ab0-11e7-a83b-b1b4da7d15f4.json | 4 ++--
 .../0de7a390-3644-11e7-a6f7-4f44d7bf1c33.json | 4 ++--
 .../230134a0-34c6-11e7-8360-0b86c90983fd.json | 4 ++--
 .../27f3b380-3583-11e7-a588-05992195c551.json | 4 ++--
 .../2d315d80-3582-11e7-98ef-19df58fe538b.json | 4 ++--
 .../2fdf5bf0-3581-11e7-98ef-19df58fe538b.json | 4 ++--
 .../3a457d70-3583-11e7-a588-05992195c551.json | 6 +++---
 .../46582d50-3af2-11e7-a83b-b1b4da7d15f4.json | 4 ++--
 .../468022c0-3583-11e7-a588-05992195c551.json | 4 ++--
 .../4e108070-46c7-11e7-946f-1bfb1be7c36b.json | 2 +-
 .../50173bd0-3582-11e7-98ef-19df58fe538b.json | 4 ++--
 .../56a34ce0-3583-11e7-a588-05992195c551.json | 4 ++--
 .../61d43810-6d62-11e7-8ddb-e71eb260f4a3.json | 4 ++--
 .../68563ed0-34bf-11e7-9b32-bb903919ead9.json | 10 +++++-----
 .../68f738e0-46ca-11e7-946f-1bfb1be7c36b.json | 2 +-
 .../6b0d4870-3583-11e7-a588-05992195c551.json | 4 ++--
 .../6d189680-6d62-11e7-8ddb-e71eb260f4a3.json | 4 ++--
 .../70c005f0-3583-11e7-a588-05992195c551.json | 4 ++--
 .../7929f430-3583-11e7-a588-05992195c551.json | 4 ++--
 .../7f27a830-34e5-11e7-9669-7f1d3242b798.json | 4 ++--
 .../85348270-357b-11e7-ac34-8965f6420c51.json | 4 ++--
 .../8a10e380-3583-11e7-a588-05992195c551.json | 4 ++--
 .../90b246c0-3583-11e7-a588-05992195c551.json | 4 ++--
 .../94b52620-342a-11e7-9d52-4f090484f59e.json | 18 +++++++++---------
 .../97f8c3a0-3583-11e7-a588-05992195c551.json | 4 ++--
 .../9ef20ae0-3583-11e7-a588-05992195c551.json | 4 ++--
 kibana/dashboards/AWAi5k4jAvKNGEbUWFis.json | 18 +++++++++---------
 kibana/dashboards/AWAi6wvxAvKNGEbUWO_j.json | 2 +-
 .../a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b.json | 2 +-
 .../ad3c0830-3583-11e7-a588-05992195c551.json | 4 ++--
 .../b10a9c60-3583-11e7-a588-05992195c551.json | 4 ++--
 .../b3a53710-3aaa-11e7-8b17-0d8709b02c80.json | 4 ++--
 .../b65775e0-46cb-11e7-946f-1bfb1be7c36b.json | 2 +-
 .../b65c2710-3583-11e7-a588-05992195c551.json | 4 ++--
 .../c2c99c30-3583-11e7-a588-05992195c551.json | 4 ++--
 .../c4bbe040-76b3-11e7-ba96-cba76a1e264d.json | 4 ++--
 .../c6ccfc00-3583-11e7-a588-05992195c551.json | 4 ++--
 .../cb367060-3b04-11e7-a83b-b1b4da7d15f4.json | 2 +-
 .../cca67b60-3583-11e7-a588-05992195c551.json | 4 ++--
 .../ccfcc540-4638-11e7-a82e-d97152153689.json | 2 +-
 .../d7b54ae0-3583-11e7-a588-05992195c551.json | 4 ++--
 .../de2da250-3583-11e7-a588-05992195c551.json | 4 ++--
 .../e0a34b90-34e6-11e7-9118-45bd317f0ca4.json | 4 ++--
 .../e5aa7170-3583-11e7-a588-05992195c551.json | 4 ++--
 .../ea211360-46c4-11e7-a82e-d97152153689.json | 2 +-
 .../ebf5ec90-34bf-11e7-9b32-bb903919ead9.json | 8 ++++----
 .../f042ad60-46c6-11e7-946f-1bfb1be7c36b.json | 2 +-
 61 files changed, 145 insertions(+), 127 deletions(-)
 create mode 100644 configfiles/0006_input_beats.conf
 rename configfiles/{0006_input_import.conf => 0007_input_import.conf} (100%)
 create mode 100644 configfiles/8999_postprocess_rename_type.conf
diff --git a/configfiles/0006_input_beats.conf b/configfiles/0006_input_beats.conf
new file mode 100644
index 0000000..9811077
--- /dev/null
+++ b/configfiles/0006_input_beats.conf
@@ -0,0 +1,10 @@
+# Author: Justin Henderson
+# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
+# Email: justin@hasecuritysolutions.com
+# Last Update: 11/15/2017
+
+input {
+ beats {
+ port => "5044"
+ }
+}
diff --git a/configfiles/0006_input_import.conf b/configfiles/0007_input_import.conf
similarity index 100%
rename from configfiles/0006_input_import.conf
rename to configfiles/0007_input_import.conf
diff --git a/configfiles/8999_postprocess_rename_type.conf b/configfiles/8999_postprocess_rename_type.conf
new file mode 100644
index 0000000..383fd98
--- /dev/null
+++ b/configfiles/8999_postprocess_rename_type.conf
@@ -0,0 +1,8 @@
+# Author: Doug Burks
+# Last Update: 12/10/2017
+
+filter {
+ mutate {
+ rename => [ "type", "event_type" ]
+ }
+}
diff --git a/configfiles/9004_output_flow.conf b/configfiles/9004_output_flow.conf
index 4623cbb..be12524 100644
--- a/configfiles/9004_output_flow.conf
+++ b/configfiles/9004_output_flow.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "sflow" and "test_data" not in [tags] {
+ if [event_type] == "sflow" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9004"]
 }
 }
 }
 output {
- if [type] == "sflow" and "test_data" not in [tags] {
+ if [event_type] == "sflow" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/configfiles/9026_output_dhcp.conf b/configfiles/9026_output_dhcp.conf
index 07ec842..7365cea 100644
--- a/configfiles/9026_output_dhcp.conf
+++ b/configfiles/9026_output_dhcp.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "dhcp" and "test_data" not in [tags] {
+ if [event_type] == "dhcp" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9026"]
 }
 }
 }
 output {
- if [type] == "dhcp" and "test_data" not in [tags] {
+ if [event_type] == "dhcp" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
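Review bot: The `beats { port => "5044" }` block in 0006_input_beats.conf brings the listener up with the plugin defaults, which for logstash-input-beats means plaintext, no client authentication and binding on every interface; because the pipeline's routing key (`type`, moved to `event_type` by 8999 in this same commit) is supplied by the shipper, any host that can reach 5044 can write events into whichever output the 9xxx conditionals select. Enabling TLS with mandatory client certificates (`ssl`, `ssl_certificate`, `ssl_key`, `ssl_certificate_authorities`, `ssl_verify_mode => "force_peer"`) and pinning `host` to the collector interface closes that, and a short comment in the file should state that shipper-chosen `type` values are trusted for routing. Paths below are placeholders to be filled from the deployment's PKI.
```conf
input {
  beats {
    port => "5044"
    # placeholders: set from the deployment's PKI
    ssl => true
    ssl_certificate => "<PATH_TO_SERVER_CERT>"
    ssl_key => "<PATH_TO_SERVER_KEY>"
    ssl_certificate_authorities => ["<PATH_TO_CLIENT_CA>"]
    ssl_verify_mode => "force_peer"
  }
}
```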
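Review bot: The `rename => [ "type", "event_type" ]` in 8999_postprocess_rename_type.conf applies to every event with no condition and no comment explaining why, so a reader of the 9xxx output files cannot tell where `[type]` went or why their conditionals changed in this commit. A header comment such as `# Moves "type" to "event_type" for every event, including values set by remote Beats shippers on the 5044 listener; the 9xxx output conditionals test [event_type], so nothing below this file should reference [type].` would make the ordering dependency explicit. If any source already emits an `event_type` field, mutate rename appears to replace it with the `type` value rather than skip it; confirm against the Logstash version in use and decide whether that overwrite is intended.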
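Review bot: After 8999 runs, an event that never carried `type`, or one whose `type` matches an output file that still tests `[type]` and is not in this diffstat, falls through every `if [event_type] == ...` conditional in 9004_output_flow.conf silently and is dropped without a trace; a catch-all output (or a `mutate { add_tag => [...] }` on the no-match branch) for events with no matching `event_type` would make misrouting visible in this kind of rename. The `# Last Update: 12/9/2016` header on the context line above each changed conditional is left stale even though the file's routing logic changed. The same points apply to the identical hunks in 9026, 9029, 9030, 9031, 9032, 9033, 9300, 9301 and 9400; the `filter` and `output` blocks each begin before and end after the hunk.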
diff --git a/configfiles/9029_output_esxi.conf b/configfiles/9029_output_esxi.conf
index 413f409..09547e2 100644
--- a/configfiles/9029_output_esxi.conf
+++ b/configfiles/9029_output_esxi.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "esxi" and "test_data" not in [tags] {
+ if [event_type] == "esxi" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9029"]
 }
 }
 }
 output {
- if [type] == "esxi" and "test_data" not in [tags] {
+ if [event_type] == "esxi" and "test_data" not in [tags] {
 elasticsearch {
 hosts => elasticsearch
 template => "/logstash-template.json"
diff --git a/configfiles/9030_output_greensql.conf b/configfiles/9030_output_greensql.conf
index ab1f48c..c083153 100644
--- a/configfiles/9030_output_greensql.conf
+++ b/configfiles/9030_output_greensql.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "greensql" and "test_data" not in [tags] {
+ if [event_type] == "greensql" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9030"]
 }
 }
 }
 output {
- if [type] == "greensql" and "test_data" not in [tags] {
+ if [event_type] == "greensql" and "test_data" not in [tags] {
 elasticsearch {
 hosts => elasticsearch
 template => "/logstash-template.json"
diff --git a/configfiles/9031_output_iis.conf b/configfiles/9031_output_iis.conf
index 2835d78..c130cc2 100644
--- a/configfiles/9031_output_iis.conf
+++ b/configfiles/9031_output_iis.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "iis" and "test_data" not in [tags] {
+ if [event_type] == "iis" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9031"]
 }
 }
 }
 output {
- if [type] == "iis" and "test_data" not in [tags] {
+ if [event_type] == "iis" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/configfiles/9032_output_mcafee.conf b/configfiles/9032_output_mcafee.conf
index 4d41778..5373815 100644
--- a/configfiles/9032_output_mcafee.conf
+++ b/configfiles/9032_output_mcafee.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "mcafee" and "test_data" not in [tags] {
+ if [event_type] == "mcafee" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9032"]
 }
 }
 }
 output {
- if [type] == "mcafee" and "test_data" not in [tags] {
+ if [event_type] == "mcafee" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/configfiles/9033_output_snort.conf b/configfiles/9033_output_snort.conf
index 5fbd2f7..27b0092 100644
--- a/configfiles/9033_output_snort.conf
+++ b/configfiles/9033_output_snort.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "snort" and "test_data" not in [tags] {
+ if [event_type] == "snort" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9033"]
 }
 }
 }
 output {
- if [type] == "snort" and "test_data" not in [tags] {
+ if [event_type] == "snort" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/configfiles/9300_output_windows.conf b/configfiles/9300_output_windows.conf
index 0a893a5..9c6470c 100644
--- a/configfiles/9300_output_windows.conf
+++ b/configfiles/9300_output_windows.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "windows" and "test_data" not in [tags] {
+ if [event_type] == "windows" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9300"]
 }
 }
 }
 output {
- if [type] == "windows" and "test_data" not in [tags] {
+ if [event_type] == "windows" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/configfiles/9301_output_dns_windows.conf b/configfiles/9301_output_dns_windows.conf
index 770950d..97d3cb8 100644
--- a/configfiles/9301_output_dns_windows.conf
+++ b/configfiles/9301_output_dns_windows.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "dns" and "test_data" not in [tags] {
+ if [event_type] == "dns" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9301"]
 }
 }
 }
 output {
- if [type] == "dns" and "test_data" not in [tags] {
+ if [event_type] == "dns" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/configfiles/9400_output_suricata.conf b/configfiles/9400_output_suricata.conf
index 4099dc2..76b4526 100644
--- a/configfiles/9400_output_suricata.conf
+++ b/configfiles/9400_output_suricata.conf
@@ -4,14 +4,14 @@
 # Last Update: 12/9/2016
 filter {
- if [type] == "suricata" and "test_data" not in [tags] {
+ if [event_type] == "suricata" and "test_data" not in [tags] {
 mutate {
 ##add_tag => [ "conf_file_9400"]
 }
 }
 }
 output {
- if [type] == "suricata" and "test_data" not in [tags] {
+ if [event_type] == "suricata" and "test_data" not in [tags] {
 #stdout { codec => rubydebug }
 elasticsearch {
 hosts => elasticsearch
diff --git a/kibana/dashboards/01600fb0-34e4-11e7-9669-7f1d3242b798.json b/kibana/dashboards/01600fb0-34e4-11e7-9669-7f1d3242b798.json
index 662fa02..f682990 100644
--- a/kibana/dashboards/01600fb0-34e4-11e7-9669-7f1d3242b798.json
+++ b/kibana/dashboards/01600fb0-34e4-11e7-9669-7f1d3242b798.json
@@ -77,7 +77,7 @@
 "title": "Notices - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_notice\",\"analyze_wildcard\":true}}}"
+ "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_notice\",\"analyze_wildcard\":true}}}"
 },
 "columns": [
 "source_ip",
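Review bot: Documents indexed before this commit still carry `type` rather than `event_type`, so the `+` line's query `event_type:bro_notice` in 01600fb0-34e4-11e7-9669-7f1d3242b798.json drops every historical Notice from the "Notices - Logs" saved search and the matching Log Count visualization until those indices are reindexed or the query is widened for the retention window, e.g. `\"query\":\"event_type:bro_notice OR type:bro_notice\"`. The index template `/logstash-template.json` referenced by the output files is not part of this diff, so confirm `event_type` is mapped the same way `type` was before the dashboards and any terms aggregations depend on it. The same applies to every other kibana/dashboards hunk in this commit, and the saved-object that contains this `searchSourceJSON` begins and ends outside the hunk.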
@@ -280,7 +280,7 @@ "type": "visualization", "version": 2, "attributes": { - "visState": "{\"title\":\"Notices - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_notice\",\"label\":\"Notices - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Notices - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_notice\",\"label\":\"Notices - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Notices - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/022713e0-3ab0-11e7-a83b-b1b4da7d15f4.json b/kibana/dashboards/022713e0-3ab0-11e7-a83b-b1b4da7d15f4.json index 28ab365..24fe386 100644 --- a/kibana/dashboards/022713e0-3ab0-11e7-a83b-b1b4da7d15f4.json +++ b/kibana/dashboards/022713e0-3ab0-11e7-a83b-b1b4da7d15f4.json @@ -56,7 +56,7 @@ "title": "NTLM - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_ntlm\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -258,7 +258,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"NTLM - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_ntlm\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"NTLM - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_ntlm\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"NTLM - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "NTLM - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/0de7a390-3644-11e7-a6f7-4f44d7bf1c33.json b/kibana/dashboards/0de7a390-3644-11e7-a6f7-4f44d7bf1c33.json index bf05820..233cae7 100644 --- a/kibana/dashboards/0de7a390-3644-11e7-a6f7-4f44d7bf1c33.json +++ b/kibana/dashboards/0de7a390-3644-11e7-a6f7-4f44d7bf1c33.json @@ -161,7 +161,7 @@ "title": "OSSEC - Alerts", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"*:logstash-*\",\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"type:ossec\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"*:logstash-*\",\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}}}" }, "columns": [ "alert_level", 
@@ -189,7 +189,7 @@ "type": "visualization", "version": 2, "attributes": { - "visState": "{\"title\":\"OSSEC Alerts - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:ossec && tags:alert\",\"label\":\"OSSEC Alerts - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"OSSEC Alerts - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:ossec && tags:alert\",\"label\":\"OSSEC Alerts - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "OSSEC Alerts - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/230134a0-34c6-11e7-8360-0b86c90983fd.json b/kibana/dashboards/230134a0-34c6-11e7-8360-0b86c90983fd.json index 295fbf8..4ff3ebf 100644 --- a/kibana/dashboards/230134a0-34c6-11e7-8360-0b86c90983fd.json +++ b/kibana/dashboards/230134a0-34c6-11e7-8360-0b86c90983fd.json @@ -139,7 +139,7 @@ "title": "HTTP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_http\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_http\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", 
@@ -362,7 +362,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"HTTP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_http\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"HTTP - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_http\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"HTTP - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "HTTP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/27f3b380-3583-11e7-a588-05992195c551.json b/kibana/dashboards/27f3b380-3583-11e7-a588-05992195c551.json index b818612..44cb88e 100644 --- a/kibana/dashboards/27f3b380-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/27f3b380-3583-11e7-a588-05992195c551.json @@ -203,7 +203,7 @@ "title": "FTP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_ftp\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -258,7 +258,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"FTP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_ftp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"FTP - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"FTP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_ftp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"FTP - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "FTP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/2d315d80-3582-11e7-98ef-19df58fe538b.json b/kibana/dashboards/2d315d80-3582-11e7-98ef-19df58fe538b.json index 688932d..09a07da 100644 --- a/kibana/dashboards/2d315d80-3582-11e7-98ef-19df58fe538b.json +++ b/kibana/dashboards/2d315d80-3582-11e7-98ef-19df58fe538b.json @@ -56,7 +56,7 @@ "title": "Files - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"type:bro_files\"\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"event_type:bro_files\"\n }\n }\n}" }, "columns": [ "file_ip", 
@@ -216,7 +216,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Files - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_files\",\"label\":\"Files - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Files - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_files\",\"label\":\"Files - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Files - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/2fdf5bf0-3581-11e7-98ef-19df58fe538b.json b/kibana/dashboards/2fdf5bf0-3581-11e7-98ef-19df58fe538b.json index 78727df..d363580 100644 --- a/kibana/dashboards/2fdf5bf0-3581-11e7-98ef-19df58fe538b.json +++ b/kibana/dashboards/2fdf5bf0-3581-11e7-98ef-19df58fe538b.json @@ -140,7 +140,7 @@ "title": "DNP3 - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_dnp3\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_dnp3\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", 
@@ -193,7 +193,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"DNP3 - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_dnp3\",\"label\":\"DNP3 - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"DNP3 - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_dnp3\",\"label\":\"DNP3 - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "DNP3 - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/3a457d70-3583-11e7-a588-05992195c551.json b/kibana/dashboards/3a457d70-3583-11e7-a588-05992195c551.json index c0b4ab4..1444142 100644 --- a/kibana/dashboards/3a457d70-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/3a457d70-3583-11e7-a588-05992195c551.json @@ -56,7 +56,7 @@ "title": "OSSEC - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"type:ossec\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[]}" }, "columns": [ "alert_level", @@ -93,7 +93,7 @@ "title": "OSSEC - Archive", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:ossec_archive\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}}}" }, "columns": [ "message" 
@@ -117,7 +117,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"OSSEC - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:ossec\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"OSSEC - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"OSSEC - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:ossec\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"OSSEC - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "OSSEC - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/46582d50-3af2-11e7-a83b-b1b4da7d15f4.json b/kibana/dashboards/46582d50-3af2-11e7-a83b-b1b4da7d15f4.json index e23426b..8efd92d 100644 --- a/kibana/dashboards/46582d50-3af2-11e7-a83b-b1b4da7d15f4.json +++ b/kibana/dashboards/46582d50-3af2-11e7-a83b-b1b4da7d15f4.json @@ -15,7 +15,7 @@ "title": "DCE/RPC - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_dce_rpc\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -258,7 +258,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"DCE/RPC - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_dce_rpc\",\"label\":\"DCE/RPC - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_dce_rpc\",\"label\":\"DCE/RPC - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/468022c0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/468022c0-3583-11e7-a588-05992195c551.json index cab3cae..58ad211 100644 --- a/kibana/dashboards/468022c0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/468022c0-3583-11e7-a588-05992195c551.json @@ -203,7 +203,7 @@ "title": "Intel - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_intel\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -279,7 +279,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Intel - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_intel\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Intel - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Intel - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_intel\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Intel - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Intel - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/4e108070-46c7-11e7-946f-1bfb1be7c36b.json b/kibana/dashboards/4e108070-46c7-11e7-946f-1bfb1be7c36b.json index d49df42..57e1076 100644 --- a/kibana/dashboards/4e108070-46c7-11e7-946f-1bfb1be7c36b.json +++ b/kibana/dashboards/4e108070-46c7-11e7-946f-1bfb1be7c36b.json @@ -56,7 +56,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/50173bd0-3582-11e7-98ef-19df58fe538b.json b/kibana/dashboards/50173bd0-3582-11e7-98ef-19df58fe538b.json index 854438b..a4af2bd 100644 --- a/kibana/dashboards/50173bd0-3582-11e7-98ef-19df58fe538b.json +++ b/kibana/dashboards/50173bd0-3582-11e7-98ef-19df58fe538b.json 
@@ -161,7 +161,7 @@ "title": "Firewall - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:firewall\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}}}" }, "columns": [ "action", 
@@ -197,7 +197,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Firewall - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:firewall\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Firewall - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Firewall - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:firewall\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Firewall - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Firewall - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/56a34ce0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/56a34ce0-3583-11e7-a588-05992195c551.json index 360f74d..7dc5552 100644 --- a/kibana/dashboards/56a34ce0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/56a34ce0-3583-11e7-a588-05992195c551.json @@ -140,7 +140,7 @@ "title": "IRC - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_irc\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -195,7 +195,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"IRC - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_irc\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"IRC - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_irc\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"IRC - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "IRC - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/61d43810-6d62-11e7-8ddb-e71eb260f4a3.json b/kibana/dashboards/61d43810-6d62-11e7-8ddb-e71eb260f4a3.json index fe2889e..ad76c7d 100644 --- a/kibana/dashboards/61d43810-6d62-11e7-8ddb-e71eb260f4a3.json +++ b/kibana/dashboards/61d43810-6d62-11e7-8ddb-e71eb260f4a3.json @@ -224,7 +224,7 @@ "title": "Autoruns - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:autoruns\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}}}" }, "columns": [ "entry", 
@@ -256,7 +256,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Autoruns - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:autoruns\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Autoruns - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Autoruns - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:autoruns\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Autoruns - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Autoruns - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/68563ed0-34bf-11e7-9b32-bb903919ead9.json b/kibana/dashboards/68563ed0-34bf-11e7-9b32-bb903919ead9.json index 45c4a76..5508eb9 100644 --- a/kibana/dashboards/68563ed0-34bf-11e7-9b32-bb903919ead9.json +++ b/kibana/dashboards/68563ed0-34bf-11e7-9b32-bb903919ead9.json @@ -223,7 +223,7 @@ "title": "OSSEC - Alerts", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"*:logstash-*\",\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"type:ossec\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"*:logstash-*\",\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}}}" }, "columns": [ "alert_level", 
@@ -357,7 +357,7 @@ "title": "DNS - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_dns\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", @@ -383,7 +383,7 @@ "title": "HTTP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_http\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_http\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", @@ -409,7 +409,7 @@ "title": "Notices - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_notice\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_notice\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -435,7 +435,7 @@ "title": "NIDS - Alerts", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:snort\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:snort\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/68f738e0-46ca-11e7-946f-1bfb1be7c36b.json b/kibana/dashboards/68f738e0-46ca-11e7-946f-1bfb1be7c36b.json index e4bb543..3ea075e 100644 --- a/kibana/dashboards/68f738e0-46ca-11e7-946f-1bfb1be7c36b.json +++ b/kibana/dashboards/68f738e0-46ca-11e7-946f-1bfb1be7c36b.json @@ -56,7 +56,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/6b0d4870-3583-11e7-a588-05992195c551.json b/kibana/dashboards/6b0d4870-3583-11e7-a588-05992195c551.json index 85d1278..e230554 100644 --- a/kibana/dashboards/6b0d4870-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/6b0d4870-3583-11e7-a588-05992195c551.json 
@@ -56,7 +56,7 @@ "title": "Kerberos - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_kerberos\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -301,7 +301,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Kerberos - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_kerberos\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Kerberos - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_kerberos\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Kerberos - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Kerberos - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/6d189680-6d62-11e7-8ddb-e71eb260f4a3.json b/kibana/dashboards/6d189680-6d62-11e7-8ddb-e71eb260f4a3.json index d74d261..48f1859 100644 --- a/kibana/dashboards/6d189680-6d62-11e7-8ddb-e71eb260f4a3.json +++ b/kibana/dashboards/6d189680-6d62-11e7-8ddb-e71eb260f4a3.json @@ -224,7 +224,7 @@ "title": "Sysmon - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:sysmon\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}}}" }, "columns": [ "event_type", 
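Review bot: The "Sysmon - Logs" saved search now selects records with `event_type:sysmon`, but the column list directly below it begins with `"event_type"`, which indicates Sysmon records already carry an `event_type` field of their own with a different meaning. Unless the pipeline step that renames `type` into `event_type` is written to handle that pre-existing field, either the rename clobbers the Sysmon-specific value (leaving the displayed column meaningless) or the rename is skipped on conflict and `event_type:sysmon` matches nothing, so the dashboard silently goes blank; both outcomes quietly degrade detection coverage. The collision should be resolved explicitly, for example by moving the log-source selector to a name that cannot collide with per-source fields, or by renaming the Sysmon-specific field before the selector is written and documenting the precedence. The rename filter itself is not visible here, so this is inferred from the column list; please verify against a live Sysmon record after the pipeline change.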
@@ -258,7 +258,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Sysmon - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:sysmon\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Sysmon - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Sysmon - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:sysmon\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Sysmon - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Sysmon - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/70c005f0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/70c005f0-3583-11e7-a588-05992195c551.json index b819573..8a14717 100644 --- a/kibana/dashboards/70c005f0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/70c005f0-3583-11e7-a588-05992195c551.json @@ -119,7 +119,7 @@ "title": "Modbus - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_modbus\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -174,7 +174,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Modbus - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_modbus\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Modbus - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Modbus - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_modbus\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Modbus - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Modbus - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/7929f430-3583-11e7-a588-05992195c551.json b/kibana/dashboards/7929f430-3583-11e7-a588-05992195c551.json index e2ddc97..a10ea33 100644 --- a/kibana/dashboards/7929f430-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/7929f430-3583-11e7-a588-05992195c551.json @@ -98,7 +98,7 @@ "title": "MySQL - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_mysql\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -153,7 +153,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"MySQL - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_mysql\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"MySQL - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"MySQL - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_mysql\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"MySQL - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "MySQL - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/7f27a830-34e5-11e7-9669-7f1d3242b798.json b/kibana/dashboards/7f27a830-34e5-11e7-9669-7f1d3242b798.json index b3a82ef..c7e09c4 100644 --- a/kibana/dashboards/7f27a830-34e5-11e7-9669-7f1d3242b798.json +++ b/kibana/dashboards/7f27a830-34e5-11e7-9669-7f1d3242b798.json @@ -77,7 +77,7 @@ "title": "NIDS - Alerts", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:snort\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:snort\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -298,7 +298,7 @@ "type": "visualization", "version": 2, "attributes": { - "visState": "{\"title\":\"NIDS - Alert Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:snort\",\"label\":\"NIDS - Alert Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"NIDS - Alert Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:snort\",\"label\":\"NIDS - Alert 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "NIDS - Alert Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/85348270-357b-11e7-ac34-8965f6420c51.json b/kibana/dashboards/85348270-357b-11e7-ac34-8965f6420c51.json index 6ab0635..f334530 100644 --- a/kibana/dashboards/85348270-357b-11e7-ac34-8965f6420c51.json +++ b/kibana/dashboards/85348270-357b-11e7-ac34-8965f6420c51.json @@ -56,7 +56,7 @@ "title": "DHCP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_dhcp\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_dhcp\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", 
@@ -174,7 +174,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"DHCP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_dhcp\",\"label\":\"DHCP - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_dhcp\",\"label\":\"DHCP - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "DHCP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/8a10e380-3583-11e7-a588-05992195c551.json b/kibana/dashboards/8a10e380-3583-11e7-a588-05992195c551.json index c56acbc..fbba67c 100644 --- a/kibana/dashboards/8a10e380-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/8a10e380-3583-11e7-a588-05992195c551.json @@ -98,7 +98,7 @@ "title": "PE - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_pe\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}}}" }, "columns": [ "message", 
@@ -168,7 +168,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"PE - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_pe\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"PE - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"PE - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_pe\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"PE - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "PE - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/90b246c0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/90b246c0-3583-11e7-a588-05992195c551.json index 0a8699b..cf4c311 100644 --- a/kibana/dashboards/90b246c0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/90b246c0-3583-11e7-a588-05992195c551.json @@ -161,7 +161,7 @@ "title": "RADIUS - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_radius\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -237,7 +237,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"RADIUS - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_radius\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"RADIUS - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_radius\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"RADIUS - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "RADIUS - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/94b52620-342a-11e7-9d52-4f090484f59e.json b/kibana/dashboards/94b52620-342a-11e7-9d52-4f090484f59e.json index 60640ee..6395824 100644 --- a/kibana/dashboards/94b52620-342a-11e7-9d52-4f090484f59e.json +++ b/kibana/dashboards/94b52620-342a-11e7-9d52-4f090484f59e.json 
@@ -173,7 +173,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Overview - Alert Summary (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type:bro_notice\"}}},\"label\":\"Bro Notices\"},{\"input\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type:ossec\"}}},\"label\":\"OSSEC Alerts\"},{\"input\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type:snort\"}}},\"label\":\"NIDS Alerts\"}]}}],\"listeners\":{}}", + "visState": "{\"title\":\"Overview - Alert Summary (Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\"}}},\"label\":\"Bro Notices\"},{\"input\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:ossec\"}}},\"label\":\"OSSEC Alerts\"},{\"input\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:snort\"}}},\"label\":\"NIDS Alerts\"}]}}],\"listeners\":{}}", "description": "", "title": "Overview - Alert Summary (Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", 
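Review bot: The "OSSEC Alerts" bucket in this visualization's filters aggregation is still `event_type:ossec` with no `tags:alert` qualifier, whereas the "OSSEC Alerts - Log Count" series (`event_type:ossec && tags:alert`) and the "OSSEC - Alerts" saved search in the later hunks of this file both restrict to alert-tagged events, so the overview bar chart will count every OSSEC log as an alert and disagree with the panel beside it. The "Overview - Alert Summary" saved search further down (`event_type:snort OR event_type:ossec OR event_type:bro_notice`) has the same broader query. This predates the rename, but since the line is being rewritten anyway, changing the bucket to `\"query\":\"event_type:ossec && tags:alert\"` keeps the three OSSEC views consistent; if only alert-level OSSEC events ever reach this index the difference is harmless, but the other panels suggest that is not assumed.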
@@ -316,7 +316,7 @@ "type": "visualization", "version": 2, "attributes": { - "visState": "{\"title\":\"Notices - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_notice\",\"label\":\"Notices - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Notices - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_notice\",\"label\":\"Notices - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Notices - Log Count (Builder)", "uiStateJSON": "{}", 
@@ -336,7 +336,7 @@ "type": "visualization", "version": 2, "attributes": { - "visState": "{\"title\":\"NIDS - Alert Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:snort\",\"label\":\"NIDS - Alert Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"NIDS - Alert Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:snort\",\"label\":\"NIDS - Alert 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "NIDS - Alert Count (Builder)", "uiStateJSON": "{}", 
@@ -356,7 +356,7 @@ "type": "visualization", "version": 2, "attributes": { - "visState": "{\"title\":\"OSSEC Alerts - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:ossec && tags:alert\",\"label\":\"OSSEC Alerts - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"OSSEC Alerts - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:ossec && tags:alert\",\"label\":\"OSSEC Alerts - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "OSSEC Alerts - Log Count (Builder)", "uiStateJSON": "{}", @@ -397,7 +397,7 @@ "title": "NIDS - Alerts", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:snort\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:snort\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", @@ -422,7 +422,7 @@ "title": "Notices - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_notice\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_notice\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -448,7 +448,7 @@ "title": "OSSEC - Alerts", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"*:logstash-*\",\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"type:ossec\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"*:logstash-*\",\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}}}" }, "columns": [ "alert_level", @@ -471,7 +471,7 @@ "title": "Overview - Alert Summary", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"type:snort OR type:ossec OR type:bro_notice\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:snort OR event_type:ossec OR event_type:bro_notice\",\"analyze_wildcard\":true}},\"filter\":[]}" }, "columns": [ "_source" 
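Review bot: The "Overview - Alert Summary" search now matches only `event_type:*`, so any Snort, OSSEC or Bro notice documents already sitting in the `*:logstash-*` indices under the old `type` field will silently drop out of the alert summary, and the same applies to every dashboard in this commit. The Logstash rename added alongside this change (the postprocess rename config in the diffstat) presumably only rewrites events at ingest, so existing indices keep `type` unless they are reindexed with the field renamed. Until the retention window has rolled the old data out, or a reindex has been run, the query could accept both names, e.g. `\"query\":\"event_type:snort OR event_type:ossec OR event_type:bro_notice OR type:snort OR type:ossec OR type:bro_notice\"`, and the commit message could state the cut-over date so analysts know which time ranges are trustworthy. For a security overview panel an empty result looks like "no alerts" rather than "wrong field", so the gap is worth calling out explicitly.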
@@ -492,7 +492,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/97f8c3a0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/97f8c3a0-3583-11e7-a588-05992195c551.json index ab5ef22..6ab2752 100644 --- a/kibana/dashboards/97f8c3a0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/97f8c3a0-3583-11e7-a588-05992195c551.json @@ -56,7 +56,7 @@ "title": "RDP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_rdp\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -278,7 +278,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"RDP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_rdp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"RDP - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"RDP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_rdp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"RDP - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "RDP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/9ef20ae0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/9ef20ae0-3583-11e7-a588-05992195c551.json index 9ef7d90..97fcf4b 100644 --- a/kibana/dashboards/9ef20ae0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/9ef20ae0-3583-11e7-a588-05992195c551.json @@ -140,7 +140,7 @@ "title": "RFB - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_rfb\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -300,7 +300,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"RFB - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_rfb\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"RFB - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_rfb\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"RFB - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "RFB - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/AWAi5k4jAvKNGEbUWFis.json b/kibana/dashboards/AWAi5k4jAvKNGEbUWFis.json index ca01c87..d48bcae 100644 --- a/kibana/dashboards/AWAi5k4jAvKNGEbUWFis.json +++ b/kibana/dashboards/AWAi5k4jAvKNGEbUWFis.json @@ -12,7 +12,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 3, @@ -32,7 +32,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_http AND _exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND _exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 1, 
@@ -52,7 +52,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_ssl AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 7, @@ -72,7 +72,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 1, @@ -92,7 +92,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 7, 
@@ -112,7 +112,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 1, @@ -132,7 +132,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 7, @@ -152,7 +152,7 @@ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_x509 AND _exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 1, 
@@ -235,7 +235,7 @@ "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_dns AND _exists_:parent_domain_frequency_score\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" } }, "col": 3, diff --git a/kibana/dashboards/AWAi6wvxAvKNGEbUWO_j.json b/kibana/dashboards/AWAi6wvxAvKNGEbUWO_j.json index a97088d..d0185e1 100644 --- a/kibana/dashboards/AWAi6wvxAvKNGEbUWO_j.json +++ b/kibana/dashboards/AWAi6wvxAvKNGEbUWO_j.json @@ -56,7 +56,7 @@ "title": "DNS - Domains with creation date < 3 months", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[]}" }, "columns": [ "_source" diff --git a/kibana/dashboards/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b.json b/kibana/dashboards/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b.json index 651955a..01872ab 100644 --- a/kibana/dashboards/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b.json +++ b/kibana/dashboards/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b.json 
@@ -140,7 +140,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/ad3c0830-3583-11e7-a588-05992195c551.json b/kibana/dashboards/ad3c0830-3583-11e7-a588-05992195c551.json index e7fd2aa..4dc4cc3 100644 --- a/kibana/dashboards/ad3c0830-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/ad3c0830-3583-11e7-a588-05992195c551.json @@ -245,7 +245,7 @@ "title": "SIP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_sip\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -321,7 +321,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"SIP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_sip\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SIP - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_sip\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SIP - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "SIP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/b10a9c60-3583-11e7-a588-05992195c551.json b/kibana/dashboards/b10a9c60-3583-11e7-a588-05992195c551.json index a5bba93..c87f2a6 100644 --- a/kibana/dashboards/b10a9c60-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/b10a9c60-3583-11e7-a588-05992195c551.json @@ -203,7 +203,7 @@ "title": "SMTP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_smtp\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -321,7 +321,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"SMTP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_smtp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SMTP - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_smtp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SMTP - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "SMTP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/b3a53710-3aaa-11e7-8b17-0d8709b02c80.json b/kibana/dashboards/b3a53710-3aaa-11e7-8b17-0d8709b02c80.json index 997ff01..6c3e77d 100644 --- a/kibana/dashboards/b3a53710-3aaa-11e7-8b17-0d8709b02c80.json +++ b/kibana/dashboards/b3a53710-3aaa-11e7-8b17-0d8709b02c80.json @@ -15,7 +15,7 @@ "title": "SMB - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(type:bro_smb_mapping OR type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[]}" }, "columns": [ "source_ip", 
@@ -237,7 +237,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"SMB - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"(type:bro_smb_mapping OR type:bro_smb_files)\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SMB - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SMB - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "SMB - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/b65775e0-46cb-11e7-946f-1bfb1be7c36b.json b/kibana/dashboards/b65775e0-46cb-11e7-946f-1bfb1be7c36b.json index 219ae6a..ba2ad2c 100644 --- a/kibana/dashboards/b65775e0-46cb-11e7-946f-1bfb1be7c36b.json +++ b/kibana/dashboards/b65775e0-46cb-11e7-946f-1bfb1be7c36b.json @@ -56,7 +56,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/b65c2710-3583-11e7-a588-05992195c551.json b/kibana/dashboards/b65c2710-3583-11e7-a588-05992195c551.json index 7349986..814fe86 100644 --- a/kibana/dashboards/b65c2710-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/b65c2710-3583-11e7-a588-05992195c551.json 
@@ -161,7 +161,7 @@ "title": "SNMP - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_snmp\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -216,7 +216,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"SNMP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_snmp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SNMP - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_snmp\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SNMP - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "SNMP - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/c2c99c30-3583-11e7-a588-05992195c551.json b/kibana/dashboards/c2c99c30-3583-11e7-a588-05992195c551.json index e346526..46c90d1 100644 --- a/kibana/dashboards/c2c99c30-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/c2c99c30-3583-11e7-a588-05992195c551.json 
@@ -110,7 +110,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Software - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_software\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Software - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Software - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_software\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Software - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Software - Log Count (Builder)", "uiStateJSON": "{}", @@ -144,7 +144,7 @@ ], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_software\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}}}" } }, "size_x": 12, diff --git a/kibana/dashboards/c4bbe040-76b3-11e7-ba96-cba76a1e264d.json b/kibana/dashboards/c4bbe040-76b3-11e7-ba96-cba76a1e264d.json index 7404088..5496e1b 100644 --- a/kibana/dashboards/c4bbe040-76b3-11e7-ba96-cba76a1e264d.json +++ b/kibana/dashboards/c4bbe040-76b3-11e7-ba96-cba76a1e264d.json @@ -56,7 +56,7 @@ "title": "Syslog (Bro) - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_syslog\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -193,7 +193,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Bro Syslog - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_syslog\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Syslog - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Bro Syslog - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_syslog\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Syslog - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Bro Syslog - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/c6ccfc00-3583-11e7-a588-05992195c551.json b/kibana/dashboards/c6ccfc00-3583-11e7-a588-05992195c551.json index 4b3e2d9..f60a58d 100644 --- a/kibana/dashboards/c6ccfc00-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/c6ccfc00-3583-11e7-a588-05992195c551.json @@ -119,7 +119,7 @@ "title": "SSH - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_ssh\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -216,7 +216,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"SSH - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_ssh\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SSH - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_ssh\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SSH - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "SSH - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/cb367060-3b04-11e7-a83b-b1b4da7d15f4.json b/kibana/dashboards/cb367060-3b04-11e7-a83b-b1b4da7d15f4.json index 6dcb377..27f0b0e 100644 --- a/kibana/dashboards/cb367060-3b04-11e7-a83b-b1b4da7d15f4.json +++ b/kibana/dashboards/cb367060-3b04-11e7-a83b-b1b4da7d15f4.json @@ -77,7 +77,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/cca67b60-3583-11e7-a588-05992195c551.json b/kibana/dashboards/cca67b60-3583-11e7-a588-05992195c551.json index bbd7a9d..d6bcd99 100644 --- a/kibana/dashboards/cca67b60-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/cca67b60-3583-11e7-a588-05992195c551.json 
@@ -266,7 +266,7 @@ "title": "SSL - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_ssl\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -321,7 +321,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"SSL - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_ssl\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SSL - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"SSL - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_ssl\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"SSL - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "SSL - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/ccfcc540-4638-11e7-a82e-d97152153689.json b/kibana/dashboards/ccfcc540-4638-11e7-a82e-d97152153689.json index 8a32508..930576e 100644 --- a/kibana/dashboards/ccfcc540-4638-11e7-a82e-d97152153689.json +++ b/kibana/dashboards/ccfcc540-4638-11e7-a82e-d97152153689.json @@ -56,7 +56,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/d7b54ae0-3583-11e7-a588-05992195c551.json b/kibana/dashboards/d7b54ae0-3583-11e7-a588-05992195c551.json index cd8e652..e8803f4 100644 --- a/kibana/dashboards/d7b54ae0-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/d7b54ae0-3583-11e7-a588-05992195c551.json 
@@ -119,7 +119,7 @@ "title": "Tunnels - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_tunnels\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -216,7 +216,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Tunnels - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_tunnels\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Tunnels - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Tunnels - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_tunnels\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Tunnels - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Tunnels - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/de2da250-3583-11e7-a588-05992195c551.json b/kibana/dashboards/de2da250-3583-11e7-a588-05992195c551.json index c18437e..fcae2c6 100644 --- a/kibana/dashboards/de2da250-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/de2da250-3583-11e7-a588-05992195c551.json @@ -119,7 +119,7 @@ "title": "Weird - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_weird\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -216,7 +216,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Weird - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_weird\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Weird - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Weird - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_weird\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"Weird - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Weird - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/e0a34b90-34e6-11e7-9118-45bd317f0ca4.json b/kibana/dashboards/e0a34b90-34e6-11e7-9118-45bd317f0ca4.json index 7032b0a..ebc7621 100644 --- a/kibana/dashboards/e0a34b90-34e6-11e7-9118-45bd317f0ca4.json +++ b/kibana/dashboards/e0a34b90-34e6-11e7-9118-45bd317f0ca4.json @@ -329,7 +329,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", 
@@ -404,7 +404,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"Connections - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_conn\",\"label\":\"Connections - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Connections - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_conn\",\"label\":\"Connections - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "Connections - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/e5aa7170-3583-11e7-a588-05992195c551.json b/kibana/dashboards/e5aa7170-3583-11e7-a588-05992195c551.json index 5223bc9..90a69df 100644 --- a/kibana/dashboards/e5aa7170-3583-11e7-a588-05992195c551.json +++ b/kibana/dashboards/e5aa7170-3583-11e7-a588-05992195c551.json @@ -56,7 +56,7 @@ "title": "X.509 - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_x509\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}}}" }, "columns": [ "host", 
@@ -189,7 +189,7 @@ "type": "visualization", "version": 1, "attributes": { - "visState": "{\"title\":\"X.509 - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"type:bro_x509\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"X.509 - Log Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"X.509 - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"color\":\"rgba(251,158,0,1)\",\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"opperator\":\"gte\",\"value\":0}],\"drop_last_bucket\":0,\"filter\":\"\",\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":\"event_type:bro_x509\",\"formatter\":\"number\",\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"label\":\"X.509 - Log 
Count\",\"line_width\":1,\"metrics\":[{\"field\":null,\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_order_by\":null,\"terms_size\":\"1000\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}", "description": "", "title": "X.509 - Log Count (Builder)", "uiStateJSON": "{}", diff --git a/kibana/dashboards/ea211360-46c4-11e7-a82e-d97152153689.json b/kibana/dashboards/ea211360-46c4-11e7-a82e-d97152153689.json index 0a43f06..f929de4 100644 --- a/kibana/dashboards/ea211360-46c4-11e7-a82e-d97152153689.json +++ b/kibana/dashboards/ea211360-46c4-11e7-a82e-d97152153689.json @@ -56,7 +56,7 @@ "title": "Connections - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" + "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}" }, "columns": [ "source_ip", diff --git a/kibana/dashboards/ebf5ec90-34bf-11e7-9b32-bb903919ead9.json b/kibana/dashboards/ebf5ec90-34bf-11e7-9b32-bb903919ead9.json index 9f92cb0..50cc755 100644 --- a/kibana/dashboards/ebf5ec90-34bf-11e7-9b32-bb903919ead9.json +++ b/kibana/dashboards/ebf5ec90-34bf-11e7-9b32-bb903919ead9.json 
@@ -161,7 +161,7 @@ "title": "DNS - Logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"type:bro_dns\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}}}" }, "columns": [ "source_ip", 
@@ -243,7 +243,7 @@ "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ -highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ 
-highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND 
highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ -highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ 
-highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 1, @@ -263,7 +263,7 @@ "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[]}" } }, "col": 7, 
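Review bot: In the `@@ -263,7 +263,7 @@` hunk the exclusion `-securityonion.net` still has no field qualifier, unlike every `highest_registered_domain:<domain>~ -highest_registered_domain:<domain>` pair in the hunk just above it, so the negation presumably runs against the `query_string` default field rather than `highest_registered_domain` and the fuzzy-match panel may exclude or keep the wrong documents. Since the line is already being rewritten for the field rename, make the pair consistent: `event_type:bro_dns AND highest_registered_domain:securityonion.net~ -highest_registered_domain:securityonion.net`. The enclosing saved object's remaining attributes lie outside the hunk.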
@@ -277,7 +277,7 @@
 "type": "visualization",
 "version": 1,
 "attributes": {
- "visState": "{\"title\":\"DNS - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"type:bro_dns\",\"label\":\"DNS - Log Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}",
+ "visState": "{\"title\":\"DNS - Log Count (Builder)\",\"type\":\"metrics\",\"params\":{\"id\":\"613db1b0-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"metric\",\"series\":[{\"id\":\"613db1b1-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"613db1b2-c578-11e7-89f7-f9b51b5d4b2f\",\"type\":\"count\",\"field\":null}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"sensor_name.keyword\",\"terms_size\":\"1000\",\"terms_order_by\":null,\"filter\":\"event_type:bro_dns\",\"label\":\"DNS - Log 
Count\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*:logstash-*\",\"interval\":\"1y\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"value\":0,\"id\":\"631c5cc0-c578-11e7-89f7-f9b51b5d4b2f\",\"color\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"}],\"drop_last_bucket\":0,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}",
 "description": "",
 "title": "DNS - Log Count (Builder)",
 "uiStateJSON": "{}",
diff --git a/kibana/dashboards/f042ad60-46c6-11e7-946f-1bfb1be7c36b.json b/kibana/dashboards/f042ad60-46c6-11e7-946f-1bfb1be7c36b.json
index 752a082..858270e 100644
--- a/kibana/dashboards/f042ad60-46c6-11e7-946f-1bfb1be7c36b.json
+++ b/kibana/dashboards/f042ad60-46c6-11e7-946f-1bfb1be7c36b.json
@@ -56,7 +56,7 @@
 "title": "Connections - Logs",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}"
+ "searchSourceJSON": "{\n \"index\": \"*:logstash-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"filter\": [],\n \"size\":10,\n \"query\": {\n \"query_string\": {\n \"query\": \"event_type:bro_conn\",\n \"analyze_wildcard\": true\n }\n }\n}"
 },
 "columns": [
 "source_ip",
