Dashboard for new Recorded Future integration (#30199) (#30330)
Relates #30030

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
(cherry picked from commit b8203a3)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
mergify[bot] and adriansr committed Feb 10, 2022
1 parent 800828b commit b9fc658
Showing 23 changed files with 724 additions and 151 deletions.

Large diffs are not rendered by default.

Expand Up @@ -59,6 +59,7 @@
"7b2420d3-1149-4f18-a114-e984e3c701f3"
],
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc",
"layerType": "data",
"legendDisplay": "default",
"metric": "9afb1b09-0f20-488c-9242-a94f7d11800b",
"nestedLegend": false,
Expand All @@ -71,10 +72,10 @@
"title": "Recorded Future Indicator Type [Filebeat Threat Intel]",
"visualizationType": "lnsPie"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "037e2af0-df50-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -94,6 +95,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NjIsMV0="
}
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMTAsMV0="
}
Expand Up @@ -60,16 +60,17 @@
"isTransposed": false
}
],
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc"
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc",
"layerType": "data"
}
},
"title": "Recorded Future IPv6 Indicators [Filebeat Threat Intel]",
"visualizationType": "lnsDatatable"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "06744e90-df52-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -89,6 +90,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NzAsMV0="
}
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMTgsMV0="
}
Expand Up @@ -59,16 +59,17 @@
"isTransposed": false
}
],
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc"
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc",
"layerType": "data"
}
},
"title": "Recorded Future SHA256 Hash Indicators [Filebeat Threat Intel]",
"visualizationType": "lnsDatatable"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "139c7da0-df51-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -88,6 +89,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NzMsMV0="
}
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMjEsMV0="
}
Expand Up @@ -32,16 +32,17 @@
},
"visualization": {
"accessor": "7a45df79-3fa9-480a-95f4-7f287a386b7d",
"layerId": "27155b23-ab24-4f18-b7dd-159f339e5e9b"
"layerId": "27155b23-ab24-4f18-b7dd-159f339e5e9b",
"layerType": "data"
}
},
"title": "Recorded Future Indicators [Filebeat Threat Intel]",
"visualizationType": "lnsMetric"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "176bf800-df58-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -61,6 +62,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NjQsMV0="
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMTIsMV0="
}
@@ -0,0 +1,95 @@
{
"attributes": {
"description": "Recorded Future evidence source, ingested by threat intel Filebeat module.",
"state": {
"datasourceStates": {
"indexpattern": {
"layers": {
"adf5e0dc-5b6d-46b0-a95a-0e692d197777": {
"columnOrder": [
"603b8ae9-c00d-4fb2-be8f-66c19169c801",
"84667e97-bc5d-459e-809c-8c5616c0bda8"
],
"columns": {
"603b8ae9-c00d-4fb2-be8f-66c19169c801": {
"customLabel": true,
"dataType": "string",
"isBucketed": true,
"label": "Recorded Future Evidence Sources",
"operationType": "terms",
"params": {
"missingBucket": false,
"orderBy": {
"columnId": "84667e97-bc5d-459e-809c-8c5616c0bda8",
"type": "column"
},
"orderDirection": "desc",
"otherBucket": true,
"size": 10
},
"scale": "ordinal",
"sourceField": "recordedfuture.evidence_details.Sources"
},
"84667e97-bc5d-459e-809c-8c5616c0bda8": {
"dataType": "number",
"isBucketed": false,
"label": "Count of records",
"operationType": "count",
"scale": "ratio",
"sourceField": "Records"
}
},
"incompleteColumns": {}
}
}
}
},
"filters": [],
"query": {
"language": "kuery",
"query": ""
},
"visualization": {
"columns": [
{
"columnId": "603b8ae9-c00d-4fb2-be8f-66c19169c801",
"isTransposed": false
},
{
"columnId": "84667e97-bc5d-459e-809c-8c5616c0bda8",
"isTransposed": false
}
],
"layerId": "adf5e0dc-5b6d-46b0-a95a-0e692d197777",
"layerType": "data"
}
},
"title": "Recorded Future Evidence Source [Filebeat Threat Intel]",
"visualizationType": "lnsDatatable"
},
"coreMigrationVersion": "8.1.0",
"id": "2d365f10-8479-11ec-8aa9-11bf914a1ef2",
"migrationVersion": {
"lens": "8.1.0"
},
"references": [
{
"id": "filebeat-*",
"name": "indexpattern-datasource-current-indexpattern",
"type": "index-pattern"
},
{
"id": "filebeat-*",
"name": "indexpattern-datasource-layer-adf5e0dc-5b6d-46b0-a95a-0e692d197777",
"type": "index-pattern"
},
{
"id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f",
"name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f",
"type": "tag"
}
],
"type": "lens",
"updated_at": "2022-02-02T22:44:53.659Z",
"version": "WzIzMDksMV0="
}
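Review bot: The terms column in this new panel aggregates on `"sourceField": "recordedfuture.evidence_details.Sources"`, and nothing visible in this section shows that field being defined, so it is worth confirming that the module's field definitions map exactly this name (including the capital `S`) as an aggregatable keyword; a mismatch would render an empty table rather than an error. The panel also ships with `"query": ""` and `"filters": []`, so it is scoped to Recorded Future data only through that field being present on a document (`"missingBucket": false`), which is presumably intended but should be checked against how the other panels on the dashboard are scoped. With `"size": 10` and `"otherBucket": true`, less frequent evidence sources are folded into a single "Other" row, which an analyst reading the table should keep in mind.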
Expand Up @@ -60,16 +60,17 @@
"isTransposed": false
}
],
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc"
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc",
"layerType": "data"
}
},
"title": "Recorded Future Domain Indicators [Filebeat Threat Intel]",
"visualizationType": "lnsDatatable"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "3c996410-df52-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -89,6 +90,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NzcsMV0="
}
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMjUsMV0="
}
Expand Up @@ -60,6 +60,7 @@
"7b2420d3-1149-4f18-a114-e984e3c701f3"
],
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc",
"layerType": "data",
"legendDisplay": "default",
"metric": "9afb1b09-0f20-488c-9242-a94f7d11800b",
"nestedLegend": false,
Expand All @@ -72,10 +73,10 @@
"title": "Recorded Future Risk Score [Filebeat Threat Intel]",
"visualizationType": "lnsPie"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "4bcc4cb0-df50-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -95,6 +96,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NjUsMV0="
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMTMsMV0="
}
Expand Up @@ -59,16 +59,17 @@
"isTransposed": false
}
],
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc"
"layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc",
"layerType": "data"
}
},
"title": "Recorded Future URL Domain Indicators [Filebeat Threat Intel]",
"visualizationType": "lnsDatatable"
},
"coreMigrationVersion": "8.0.0",
"coreMigrationVersion": "8.1.0",
"id": "5e76ef90-df51-11eb-8f2b-753caedf727d",
"migrationVersion": {
"lens": "7.13.1"
"lens": "8.1.0"
},
"references": [
{
Expand All @@ -88,6 +89,6 @@
}
],
"type": "lens",
"updated_at": "2021-08-04T16:34:33.127Z",
"version": "WzQ2NzUsMV0="
}
"updated_at": "2022-02-01T15:45:07.866Z",
"version": "WzExMjMsMV0="
}
