[Osquery_manager] Convert visualisations to Lens (#6836)
* Convert dashboards to Lens and apply filters

* Remove OSQuery manager visualizations from library

* Bump integration version and minimum Kibana version

* Update changelog
chemamartinez authored and gizas committed Sep 5, 2023
1 parent 9a20909 commit e61202f
Showing 14 changed files with 1,499 additions and 255 deletions.
5 changes: 5 additions & 0 deletions packages/osquery_manager/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.8.4"
changes:
- description: Convert dashboards to Lens
type: enhancement
link: https://github.com/elastic/integrations/pull/6836
- version: "1.7.4"
changes:
- description: Fix elf.sections mapping
@@ -6,20 +6,90 @@
"agent.name"
],
"description": "",
"grid": {},
"hideChart": false,
"hits": 0,
"isTextBasedQuery": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_ossec-rootkit\"},\"version\":true}"
"searchSourceJSON": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"negate": false,
"params": [
{
"meta": {
"alias": null,
"disabled": false,
"field": "event.module",
"index": "logs-*",
"key": "event.module",
"negate": false,
"params": {
"query": "osquery_manager"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.module": "osquery_manager"
}
}
},
{
"meta": {
"alias": null,
"disabled": false,
"field": "action_id",
"index": "logs-*",
"key": "action_id",
"negate": false,
"params": {
"query": "pack_ossec-rootkit"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"action_id": "pack_ossec-rootkit"
}
}
}
],
"relation": "AND",
"type": "combined"
},
"query": {}
}
],
"highlightAll": true,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
"query": {
"language": "kuery",
"query": ""
},
"version": true
}
},
"sort": [
[
"@timestamp",
"desc"
]
],
"timeRestore": false,
"title": "OSSEC Rootkits [Osquery Manager]",
"usesAdHocDataView": false,
"version": 1
},
"coreMigrationVersion": "8.2.0",
"coreMigrationVersion": "8.7.1",
"created_at": "2023-07-06T05:48:25.376Z",
"id": "osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040",
"migrationVersion": {
"search": "8.0.0"
@@ -29,9 +99,12 @@
"id": "logs-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern"
},
{
"id": "logs-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern"
}
],
"type": "search",
"updated_at": "2022-03-18T16:51:37.575Z",
"version": "WzE2NzkyMSw2XQ=="
"type": "search"
}
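Review bot: The new combined filter adds a second clause, `"event.module": "osquery_manager"`, joined to the existing `action_id` match with `"relation": "AND"`, so this saved search now returns nothing for any result document that lacks that field. Nothing visible in this diff shows that osquery result documents carry `event.module`, and for a view titled "OSSEC Rootkits" an empty table is easily read as "no findings" rather than "filter matched nothing". Please confirm the field is populated on the result documents for every supported agent version, or filter on a field the package mapping guarantees instead (for example `data_stream.dataset`, if that is set). The same clause is added to the "DEB packages installed" and "Mounts" searches further down.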
@@ -6,20 +6,90 @@
"osquery.revision"
],
"description": "",
"grid": {},
"hideChart": false,
"hits": 0,
"isTextBasedQuery": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_deb_packages\"},\"version\":true}"
"searchSourceJSON": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"negate": false,
"params": [
{
"meta": {
"alias": null,
"disabled": false,
"field": "event.module",
"index": "logs-*",
"key": "event.module",
"negate": false,
"params": {
"query": "osquery_manager"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.module": "osquery_manager"
}
}
},
{
"meta": {
"alias": null,
"disabled": false,
"field": "action_id",
"index": "logs-*",
"key": "action_id",
"negate": false,
"params": {
"query": "pack_it-compliance_deb_packages"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"action_id": "pack_it-compliance_deb_packages"
}
}
}
],
"relation": "AND",
"type": "combined"
},
"query": {}
}
],
"highlightAll": true,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
"query": {
"language": "kuery",
"query": ""
},
"version": true
}
},
"sort": [
[
"@timestamp",
"desc"
]
],
"timeRestore": false,
"title": "DEB packages installed [Osquery Manager]",
"usesAdHocDataView": false,
"version": 1
},
"coreMigrationVersion": "8.2.0",
"coreMigrationVersion": "8.7.1",
"created_at": "2023-07-06T05:48:25.376Z",
"id": "osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05",
"migrationVersion": {
"search": "8.0.0"
@@ -29,9 +99,12 @@
"id": "logs-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern"
},
{
"id": "logs-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern"
}
],
"type": "search",
"updated_at": "2022-03-18T16:51:37.575Z",
"version": "WzE2NzkxMyw2XQ=="
"type": "search"
}
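Review bot: `"description": ""` is left empty even though the selection logic has moved out of the query bar (`"query": ""`) into two filter pills, so nothing in the saved object tells an analyst what data the view expects. A one-line description would make an empty result interpretable, for example `"description": "Osquery Manager results where action_id is pack_it-compliance_deb_packages; empty if no such query has reported."`. The "OSSEC Rootkits" and "Mounts" searches in this commit have the same empty description and would benefit from the equivalent text with their own `action_id`.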
@@ -6,20 +6,90 @@
"osquery.flags"
],
"description": "",
"grid": {},
"hideChart": false,
"hits": 0,
"isTextBasedQuery": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_mounts\"},\"version\":true}"
"searchSourceJSON": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"negate": false,
"params": [
{
"meta": {
"alias": null,
"disabled": false,
"field": "event.module",
"index": "logs-*",
"key": "event.module",
"negate": false,
"params": {
"query": "osquery_manager"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.module": "osquery_manager"
}
}
},
{
"meta": {
"alias": null,
"disabled": false,
"field": "action_id",
"index": "logs-*",
"key": "action_id",
"negate": false,
"params": {
"query": "pack_it-compliance_mounts"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"action_id": "pack_it-compliance_mounts"
}
}
}
],
"relation": "AND",
"type": "combined"
},
"query": {}
}
],
"highlightAll": true,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
"query": {
"language": "kuery",
"query": ""
},
"version": true
}
},
"sort": [
[
"@timestamp",
"desc"
]
],
"timeRestore": false,
"title": "Mounts [Osquery Manager]",
"usesAdHocDataView": false,
"version": 1
},
"coreMigrationVersion": "8.2.0",
"coreMigrationVersion": "8.7.1",
"created_at": "2023-07-06T05:48:25.376Z",
"id": "osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05",
"migrationVersion": {
"search": "8.0.0"
@@ -29,9 +99,12 @@
"id": "logs-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern"
},
{
"id": "logs-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern"
}
],
"type": "search",
"updated_at": "2022-03-18T16:51:37.575Z",
"version": "WzE2NzkxMSw2XQ=="
"type": "search"
}

This file was deleted.
