diff --git a/packages/osquery_manager/changelog.yml b/packages/osquery_manager/changelog.yml
index ea822be1f654..961d281dfccf 100644
--- a/packages/osquery_manager/changelog.yml
+++ b/packages/osquery_manager/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.4"
+  changes:
+    - description: Convert dashboards to Lens
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6836
 - version: "1.7.4"
   changes:
     - description: Fix elf.sections mapping
diff --git a/packages/osquery_manager/kibana/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05.json b/packages/osquery_manager/kibana/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05.json
index cda8feccf9d6..d22949c150e8 100644
--- a/packages/osquery_manager/kibana/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05.json
+++ b/packages/osquery_manager/kibana/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05.json
@@ -1,54 +1,808 @@ { "attributes": { "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", - "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:osquery_manager\"},\"version\":true}" + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"1\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"1\",\"panelRefName\":\"panel_0\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":28,\"x\":20,\"y\":0},\"panelIndex\":\"2\",\"panelRefName\":\"panel_1\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":11,\"x\":0,\"y\":4},\"panelIndex\":\"4\",\"panelRefName\":\"panel_3\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":9,\"x\":11,\"y\":4},\"panelIndex\":\"5\",\"panelRefName\":\"panel_4\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":20,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"panelRefName\":\"panel_5\",\"version\":\"7.11.0-SNAPSHOT\"}]", + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + 
"gridData": { + "h": 16, + "i": "1", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "1", + "panelRefName": "panel_1", + "type": "search", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_3", + "type": "search", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "**[Compliance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05)** | [OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "43889ecf-f6cc-4979-86ff-842becf7b181", + "w": 20, + "x": 0, + "y": 0 + }, + "panelIndex": "43889ecf-f6cc-4979-86ff-842becf7b181", + "title": "Navigation [Osquery Manager]", + "type": "visualization", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b23918e2-e11a-4e5e-96b6-3cef10465756", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "39fef267-b554-42af-9ba2-8bdba8a25f43", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "b23918e2-e11a-4e5e-96b6-3cef10465756": { + "columnOrder": [ + "d56db455-5e6c-4dd8-b7f6-1ed855fe8ce5", + "a33f884c-7db9-4e1c-b593-877ba9073b27", + "83fd9daa-7559-49e0-9de2-3ac7597893e5", + "a8d05ed0-5f87-464c-97f3-eb0c070cc67f" + ], + "columns": { + "83fd9daa-7559-49e0-9de2-3ac7597893e5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "osquery.version: Descending", + "operationType": 
"terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "a8d05ed0-5f87-464c-97f3-eb0c070cc67f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "osquery.version" + }, + "a33f884c-7db9-4e1c-b593-877ba9073b27": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "osquery.name: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "a8d05ed0-5f87-464c-97f3-eb0c070cc67f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "osquery.name" + }, + "a8d05ed0-5f87-464c-97f3-eb0c070cc67f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique count of host.hostname", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "host.hostname" + }, + "d56db455-5e6c-4dd8-b7f6-1ed855fe8ce5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "osquery.platform_like: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "a8d05ed0-5f87-464c-97f3-eb0c070cc67f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "osquery.platform_like" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "39fef267-b554-42af-9ba2-8bdba8a25f43", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "hide", + "emptySizeRatio": 0.3, + "layerId": "b23918e2-e11a-4e5e-96b6-3cef10465756", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "legendSize": "auto", + "metrics": [ + "a8d05ed0-5f87-464c-97f3-eb0c070cc67f" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2, + "primaryGroups": [ + "d56db455-5e6c-4dd8-b7f6-1ed855fe8ce5", + "a33f884c-7db9-4e1c-b593-877ba9073b27", + "83fd9daa-7559-49e0-9de2-3ac7597893e5" + ], + "secondaryGroups": [], + "showValuesInLegend": true, + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "OS versions [Osquery Manager] (converted)", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 11, + "i": "c92b4394-8f0e-4c9b-8624-e9b3f471e84e", + "w": 11, + "x": 0, + "y": 4 + }, + "panelIndex": "c92b4394-8f0e-4c9b-8624-e9b3f471e84e", + "title": "OS versions [Osquery Manager]", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3a3d7e8b-91de-4cd8-90a9-3787bf9e14b1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2a7b29ad-904b-4124-b2e8-f7df6c7f80af", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + 
"3a3d7e8b-91de-4cd8-90a9-3787bf9e14b1": { + "columnOrder": [ + "0fade8d3-1602-4226-afc7-a354adc3047f", + "7d849795-c4d4-44dc-aa2c-e059891bb09e", + "7ad3a740-26c1-4749-864f-22eca54a6178" + ], + "columns": { + "0fade8d3-1602-4226-afc7-a354adc3047f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "osquery.path: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "7ad3a740-26c1-4749-864f-22eca54a6178", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "osquery.path" + }, + "7ad3a740-26c1-4749-864f-22eca54a6178": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "7d849795-c4d4-44dc-aa2c-e059891bb09e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "osquery.type: Descending", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "7ad3a740-26c1-4749-864f-22eca54a6178", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "osquery.type" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2a7b29ad-904b-4124-b2e8-f7df6c7f80af", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": 
"event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_it-compliance_mounts" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_it-compliance_mounts" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "hide", + "emptySizeRatio": 0.3, + "layerId": "3a3d7e8b-91de-4cd8-90a9-3787bf9e14b1", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "legendSize": "auto", + "metrics": [ + "7ad3a740-26c1-4749-864f-22eca54a6178" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2, + "primaryGroups": [ + "0fade8d3-1602-4226-afc7-a354adc3047f", + "7d849795-c4d4-44dc-aa2c-e059891bb09e" + ], + "secondaryGroups": [], + "showValuesInLegend": true, + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "Mounts by type [Osquery Manager] (converted)", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6852e184-67e3-47a9-b8e2-16f7acf2f477", + "w": 28, + "x": 20, + "y": 0 + }, + "panelIndex": "6852e184-67e3-47a9-b8e2-16f7acf2f477", + "title": "Mounts by type [Osquery Manager]", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a513d510-16de-4b56-a3df-a8351b148bcc", + "type": "index-pattern" + }, + { + "id": "logs-*", 
+ "name": "c8a3448f-77ea-4708-af0c-d3b0f844e5ae", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "a513d510-16de-4b56-a3df-a8351b148bcc": { + "columnOrder": [ + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81c", + "125f1e7e-3fd6-47f4-a4bd-4caa32658da6", + "64ada418-f4c4-4980-86bf-08fe92516335", + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX0", + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX1" + ], + "columns": { + "125f1e7e-3fd6-47f4-a4bd-4caa32658da6": { + "dataType": "number", + "isBucketed": false, + "isStaticValue": true, + "label": "Static value: 0", + "operationType": "static_value", + "params": { + "value": "0" + }, + "references": [], + "scale": "ratio" + }, + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Live Kernel integrations", + "operationType": "formula", + "params": { + "formula": "defaults(unique_count(osquery.name), 0)", + "isFormulaBroken": false + }, + "references": [ + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX1" + ], + "scale": "ratio" + }, + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Live Kernel integrations", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "osquery.name" + }, + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Live Kernel integrations", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX0", + 0 + ], + "location": { + "max": 39, + "min": 0 + }, + "name": "defaults", + "text": "defaults(unique_count(osquery.name), 0)", + "type": "function" + } + }, + "references": [ + "160a3fcc-57b2-45d7-bdc2-4385f2cfa81cX0" + ], + "scale": "ratio" + }, + "64ada418-f4c4-4980-86bf-08fe92516335": { + "dataType": "number", 
+ "isBucketed": false, + "isStaticValue": true, + "label": "Static value: 100", + "operationType": "static_value", + "params": { + "value": "100" + }, + "references": [], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c8a3448f-77ea-4708-af0c-d3b0f844e5ae", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_it-compliance_kernel_integrations" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_it-compliance_kernel_integrations" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "colorMode": "palette", + "labelMajorMode": "auto", + "labelMinor": "", + "layerId": "a513d510-16de-4b56-a3df-a8351b148bcc", + "layerType": "data", + "maxAccessor": "64ada418-f4c4-4980-86bf-08fe92516335", + "metricAccessor": "160a3fcc-57b2-45d7-bdc2-4385f2cfa81c", + "minAccessor": "125f1e7e-3fd6-47f4-a4bd-4caa32658da6", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "stops": [ + { + "color": "#D6E9E480", + "stop": 0 + }, + { + "color": "#AED3CA80", + "stop": 20 + }, + { + "color": "#85BDB180", + "stop": 40 + }, + { + "color": 
"#5AA89880", + "stop": 60 + }, + { + "color": "#20928080", + "stop": 80 + } + ] + }, + "type": "palette" + }, + "shape": "horizontalBullet", + "ticksPosition": "bands" + } + }, + "title": "Number of Kernel integrations [Osquery Manager] (converted)", + "type": "lens", + "visualizationType": "lnsGauge" + }, + "enhancements": {} + }, + "gridData": { + "h": 11, + "i": "c22bdfa4-4498-405b-bad8-3cf8bb363bc6", + "w": 9, + "x": 11, + "y": 4 + }, + "panelIndex": "c22bdfa4-4498-405b-bad8-3cf8bb363bc6", + "type": "lens", + "version": "8.7.1" + } + ], "timeRestore": false, "title": "[Osquery Manager] Compliance pack", "version": 1 }, - "coreMigrationVersion": "8.2.0", + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-06T06:40:35.459Z", "id": "osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05", "migrationVersion": { - "dashboard": "8.2.0" + "dashboard": "8.7.0" }, "references": [ { "id": "osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05", - "name": "panel_0", + "name": "1:panel_1", "type": "search" }, - { - "id": "osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "name": "panel_1", - "type": "visualization" - }, { "id": "osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05", - "name": "panel_2", + "name": "3:panel_3", "type": "search" }, { - "id": "osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05", - "name": "panel_3", - "type": "visualization" + "id": "logs-*", + "name": "c92b4394-8f0e-4c9b-8624-e9b3f471e84e:indexpattern-datasource-layer-b23918e2-e11a-4e5e-96b6-3cef10465756", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c92b4394-8f0e-4c9b-8624-e9b3f471e84e:39fef267-b554-42af-9ba2-8bdba8a25f43", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6852e184-67e3-47a9-b8e2-16f7acf2f477:indexpattern-datasource-layer-3a3d7e8b-91de-4cd8-90a9-3787bf9e14b1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6852e184-67e3-47a9-b8e2-16f7acf2f477:2a7b29ad-904b-4124-b2e8-f7df6c7f80af", + "type": "index-pattern" }, { 
- "id": "osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05", - "name": "panel_4", - "type": "visualization" + "id": "logs-*", + "name": "c22bdfa4-4498-405b-bad8-3cf8bb363bc6:indexpattern-datasource-layer-a513d510-16de-4b56-a3df-a8351b148bcc", + "type": "index-pattern" }, { - "id": "osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "name": "panel_5", - "type": "visualization" + "id": "logs-*", + "name": "c22bdfa4-4498-405b-bad8-3cf8bb363bc6:c8a3448f-77ea-4708-af0c-d3b0f844e5ae", + "type": "index-pattern" } ], - "type": "dashboard", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkxOSw2XQ==" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/osquery_manager/kibana/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json index 8a55ba06852e..6473471b6754 100644 --- a/packages/osquery_manager/kibana/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json +++ b/packages/osquery_manager/kibana/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json 
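Review bot: The gauge panel `c22bdfa4-4498-405b-bad8-3cf8bb363bc6` at the end of the new panelsJSON array has no panel-level `"title"`, unlike the two other Lens panels (`c92b4394-…` and `6852e184-…`) which override theirs, so the title stored in its Lens attributes, `Number of Kernel integrations [Osquery Manager] (converted)`, is presumably what the dashboard renders, "(converted)" suffix included; add `"title": "Number of Kernel integrations [Osquery Manager]",` next to its `panelIndex`. The dashboard-level query `event.module:osquery_manager` is dropped from searchSourceJSON; the Lens panels each carry their own `event.module` filter, but the two saved-search panels (`1:panel_1` → `osquery_manager-7a9482d0-…`, `3:panel_3` → `osquery_manager-3824b080-…`) are now scoped only by their saved searches, neither of which is visible in this excerpt (the `3824b080` file header is the last thing on the page, with its hunk beyond it), so confirm both carry an equivalent filter or unrelated `logs-*` documents will show up in them. The new objects are 8.7.1 exports (`"version": "8.7.1"`, `"migrationVersion": {"dashboard": "8.7.0"}`, `lnsGauge`, `adHocDataViews`), as are the second dashboard hunk and the saved-search hunks below, so the package's minimum Kibana version constraint needs to be raised to match; that change is not part of this diff. The four legacy visualization objects this dashboard no longer references (`a9fd8bb0`, `1da1ed30`, `240f3630`, `2d6e0760`) should be removed from the package in the same change if nothing else references them, which cannot be seen here.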
@@ -1,49 +1,502 @@ { "attributes": { - "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", - "hits": 0, + "description": "This dashboard shows data collected by the OSSEC rootkit pack from Osquery", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:osquery_manager\"},\"version\":true,\"filter\":[]}" + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":24,\"h\":5,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_1\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":0,\"w\":6,\"h\":5,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_2\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":0,\"w\":6,\"h\":5,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_3\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":5,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"8.2.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":5,\"w\":43,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]", + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 22, + "i": "5", + "w": 48, + "x": 0, 
+ "y": 5 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05) | **[OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)**", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 5, + "i": "eb1abbec-3005-42e6-a903-de5492f4c6d6", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "eb1abbec-3005-42e6-a903-de5492f4c6d6", + "title": "Navigation [OSquery Manager]", + "type": "visualization", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "fontSize": 12, + "markdown": "This dashboard shows data collected by the ossec-rootkit pack from Osquery.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 5, + "i": "8b185e72-9a3d-4fa3-98ca-e9649569790c", + "w": 24, + "x": 8, + "y": 0 + }, + "panelIndex": "8b185e72-9a3d-4fa3-98ca-e9649569790c", + "title": "Info OSSEC rootkit [Osquery Manager]", + "type": "visualization", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-65394593-a1dd-49b2-b7b6-6fe4a9c16c8e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "637711a3-592b-4415-a27c-ff82348d89cf", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + 
"65394593-a1dd-49b2-b7b6-6fe4a9c16c8e": { + "columnOrder": [ + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51", + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X0", + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X1" + ], + "columns": { + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Hosts", + "operationType": "formula", + "params": { + "formula": "defaults(unique_count(agent.name), 0)", + "isFormulaBroken": false + }, + "references": [ + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X1" + ], + "scale": "ratio" + }, + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Hosts", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "agent.name" + }, + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Hosts", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X0", + 0 + ], + "location": { + "max": 37, + "min": 0 + }, + "name": "defaults", + "text": "defaults(unique_count(agent.name), 0)", + "type": "function" + } + }, + "references": [ + "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51X0" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "637711a3-592b-4415-a27c-ff82348d89cf", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": 
"action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_ossec-rootkit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_ossec-rootkit" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "color": "#6092C0", + "layerId": "65394593-a1dd-49b2-b7b6-6fe4a9c16c8e", + "layerType": "data", + "metricAccessor": "8bd4a2cb-ecb9-43ec-8dee-ce0edd425f51" + } + }, + "title": "Number of hosts infected [Osquery Manager] (converted)", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 5, + "i": "f3777bb8-bb13-4fec-86c4-cd517c5756fc", + "w": 8, + "x": 32, + "y": 0 + }, + "panelIndex": "f3777bb8-bb13-4fec-86c4-cd517c5756fc", + "title": "Number of hosts infected [Osquery Manager]", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-289d280f-f6c0-4295-9dd8-d74d35b57c3a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c6062c0d-9a70-4cd8-8d12-82276581db93", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "289d280f-f6c0-4295-9dd8-d74d35b57c3a": { + "columnOrder": [ + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdf", + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX0", + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX1" + ], + "columns": { + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Rootkits", + "operationType": "formula", + "params": { + "formula": "defaults(unique_count(action_id), 0)", + "isFormulaBroken": false + }, + "references": [ + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX1" + ], + "scale": "ratio" + }, + 
"a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Rootkits", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "action_id" + }, + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Rootkits", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX0", + 0 + ], + "location": { + "max": 36, + "min": 0 + }, + "name": "defaults", + "text": "defaults(unique_count(action_id), 0)", + "type": "function" + } + }, + "references": [ + "a4fc4087-3051-4d05-b7bf-661a8fc5bcdfX0" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c6062c0d-9a70-4cd8-8d12-82276581db93", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_ossec-rootkit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_ossec-rootkit" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "color": "#6092C0", + "layerId": "289d280f-f6c0-4295-9dd8-d74d35b57c3a", + "layerType": "data", + "metricAccessor": "a4fc4087-3051-4d05-b7bf-661a8fc5bcdf" + } 
+ }, + "title": "Number of rootkits found [Osquery Manager] (converted)", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 5, + "i": "164f132e-38d8-43b7-9757-61987c93827f", + "w": 8, + "x": 40, + "y": 0 + }, + "panelIndex": "164f132e-38d8-43b7-9757-61987c93827f", + "title": "Number of rootkits found [Osquery Manager]", + "type": "lens", + "version": "8.7.1" + } + ], "timeRestore": false, "title": "[Osquery Manager] OSSEC rootkit pack", "version": 1 }, - "coreMigrationVersion": "8.2.0", + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-06T06:29:36.383Z", "id": "osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040", "migrationVersion": { - "dashboard": "8.2.0" + "dashboard": "8.7.0" }, "references": [ { - "id": "osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040", - "name": "1:panel_1", - "type": "visualization" + "id": "osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040", + "name": "5:panel_5", + "type": "search" }, { - "id": "osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040", - "name": "2:panel_2", - "type": "visualization" + "id": "logs-*", + "name": "f3777bb8-bb13-4fec-86c4-cd517c5756fc:indexpattern-datasource-layer-65394593-a1dd-49b2-b7b6-6fe4a9c16c8e", + "type": "index-pattern" }, { - "id": "osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040", - "name": "3:panel_3", - "type": "visualization" + "id": "logs-*", + "name": "f3777bb8-bb13-4fec-86c4-cd517c5756fc:637711a3-592b-4415-a27c-ff82348d89cf", + "type": "index-pattern" }, { - "id": "osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "name": "4:panel_4", - "type": "visualization" + "id": "logs-*", + "name": "164f132e-38d8-43b7-9757-61987c93827f:indexpattern-datasource-layer-289d280f-f6c0-4295-9dd8-d74d35b57c3a", + "type": "index-pattern" }, { - "id": "osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "5:panel_5", - "type": "search" + "id": "logs-*", + "name": 
"164f132e-38d8-43b7-9757-61987c93827f:c6062c0d-9a70-4cd8-8d12-82276581db93", + "type": "index-pattern" } ], - "type": "dashboard", - "updated_at": "2022-03-18T16:52:59.542Z", - "version": "WzE2Nzk2MSw2XQ==" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/osquery_manager/kibana/search/osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/search/osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040.json index 4950978ff21f..972b8d13ee89 100644 --- a/packages/osquery_manager/kibana/search/osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040.json +++ b/packages/osquery_manager/kibana/search/osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040.json 
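Review bot: The navigation panel's title `"Navigation [OSquery Manager]"` spells the suffix differently from every other panel on this page, including the same navigation panel in the Compliance dashboard hunk above, which uses `[Osquery Manager]`; change it to `"title": "Navigation [Osquery Manager]",`. In the same spirit, the info markdown panel says "the ossec-rootkit pack" while the updated dashboard description says "the OSSEC rootkit pack"; one spelling of the pack name would be better. Dropping the dashboard-level `event.module:osquery_manager` query is covered for this dashboard, since its only saved-search panel (`5:panel_5` → `osquery_manager-0fe5dc00-…`) gains an `event.module`/`action_id` combined filter in the hunk below.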
@@ -6,9 +6,76 @@ "agent.name" ], "description": "", + "grid": {}, + "hideChart": false, "hits": 0, + "isTextBasedQuery": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_ossec-rootkit\"},\"version\":true}" + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_ossec-rootkit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_ossec-rootkit" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } }, "sort": [ [ @@ -16,10 +83,13 @@ "desc" ] ], + "timeRestore": false, "title": "OSSEC Rootkits [Osquery Manager]", + "usesAdHocDataView": false, "version": 1 }, - "coreMigrationVersion": "8.2.0", + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-06T05:48:25.376Z", "id": "osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040", "migrationVersion": { "search": "8.0.0" 
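Review bot: The two nested `params[].meta` entries of the combined filter keep the literal data-view id `"index": "logs-*"`, while only the outer `meta` is rewritten to `"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index"` and backed by a reference. If Kibana does not rewrite those nested ids when the package is installed, the `event.module` and `action_id` phrase sub-filters stay bound to a hard-coded id and will not follow the reference; this is worth confirming against how 8.7 exports combined filters, and if they are not rewritten, the inner `"index": "logs-*"` lines should become `indexRefName` entries with matching references. The same structure is repeated in the converted searches `osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05` and `osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05`.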
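Review bot: `"created_at": "2023-07-06T05:48:25.376Z"` is an export-time, instance-specific timestamp of the same kind the next hunk removes (`updated_at` and the opaque `version` string) to keep the packaged asset stable. Dropping `created_at` as well keeps the saved object free of export noise and avoids spurious diffs the next time the search is re-exported. The same added line appears in the other two converted searches and in the dashboard hunk above.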
@@ -29,9 +99,12 @@
 "id": "logs-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
 }
 ],
- "type": "search",
- "updated_at": "2022-03-18T16:51:37.575Z",
- "version": "WzE2NzkyMSw2XQ=="
+ "type": "search"
 }
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/search/osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05.json b/packages/osquery_manager/kibana/search/osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05.json
index 5570f08ede05..ef29d27b4328 100644
--- a/packages/osquery_manager/kibana/search/osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05.json
+++ b/packages/osquery_manager/kibana/search/osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05.json
@@ -6,9 +6,76 @@ "osquery.revision" ], "description": "", + "grid": {}, + "hideChart": false, "hits": 0, + "isTextBasedQuery": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_deb_packages\"},\"version\":true}" + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_it-compliance_deb_packages" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_it-compliance_deb_packages" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } }, "sort": [ [ @@ -16,10 +83,13 @@ "desc" ] ], + "timeRestore": false, "title": "DEB packages installed [Osquery Manager]", + "usesAdHocDataView": false, "version": 1 }, - "coreMigrationVersion": "8.2.0", + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-06T05:48:25.376Z", "id": "osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05", "migrationVersion": { "search": "8.0.0" 
@@ -29,9 +99,12 @@
 "id": "logs-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
 }
 ],
- "type": "search",
- "updated_at": "2022-03-18T16:51:37.575Z",
- "version": "WzE2NzkxMyw2XQ=="
+ "type": "search"
 }
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/search/osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05.json b/packages/osquery_manager/kibana/search/osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05.json
index a1a3952c55ea..f19761c09b3c 100644
--- a/packages/osquery_manager/kibana/search/osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05.json
+++ b/packages/osquery_manager/kibana/search/osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05.json
@@ -6,9 +6,76 @@ "osquery.flags" ], "description": "", + "grid": {}, + "hideChart": false, "hits": 0, + "isTextBasedQuery": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_mounts\"},\"version\":true}" + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.module", + "index": "logs-*", + "key": "event.module", + "negate": false, + "params": { + "query": "osquery_manager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.module": "osquery_manager" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "action_id", + "index": "logs-*", + "key": "action_id", + "negate": false, + "params": { + "query": "pack_it-compliance_mounts" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "action_id": "pack_it-compliance_mounts" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } }, "sort": [ [ @@ -16,10 +83,13 @@ "desc" ] ], + "timeRestore": false, "title": "Mounts [Osquery Manager]", + "usesAdHocDataView": false, "version": 1 }, - "coreMigrationVersion": "8.2.0", + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-06T05:48:25.376Z", "id": "osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05", "migrationVersion": { "search": "8.0.0" 
@@ -29,9 +99,12 @@
 "id": "logs-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
 }
 ],
- "type": "search",
- "updated_at": "2022-03-18T16:51:37.575Z",
- "version": "WzE2NzkxMSw2XQ=="
+ "type": "search"
 }
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05.json b/packages/osquery_manager/kibana/visualization/osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05.json
deleted file mode 100644
index 83aa058b7e08..000000000000
--- a/packages/osquery_manager/kibana/visualization/osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05.json
+++ /dev/null
@@ -1,28 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "savedSearchRefName": "search_0", - "title": "OS versions [Osquery Manager]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"host.hostname\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"osquery.platform_like\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.version\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"},\"title\":\"OS versions [Osquery Manager]\",\"type\":\"pie\"}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [ - { - "id": "osquery_manager-b5d6baa0-eb02-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkxNSw2XQ==" -} \ No newline at end of file 
diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05.json b/packages/osquery_manager/kibana/visualization/osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05.json
deleted file mode 100644
index 9f50f051ba83..000000000000
--- a/packages/osquery_manager/kibana/visualization/osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05.json
+++ /dev/null
@@ -1,33 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"osquery.status\",\"negate\":false,\"params\":{\"query\":\"Live\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"Live\"},\"query\":{\"match\":{\"osquery.status\":{\"query\":\"Live\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "savedSearchRefName": "search_0", - "title": "Number of Kernel integrations [Osquery Manager]", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Live Kernel integrations\",\"field\":\"osquery.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"horizontal\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Number of Kernel integrations [Osquery Manager]\",\"type\":\"gauge\"}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "osquery_manager-f59e21e0-eb03-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkxNyw2XQ==" -} \ No newline at end of file diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json deleted file mode 100644 index caf9eb1fa2fb..000000000000 --- a/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "title": "Navigation [Osquery Manager]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Navigation [Osquery Manager]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"[Compliance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)\",\"openLinksInNewTab\":false}}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2022-03-18T16:53:19.189Z", - "version": "WzE2Nzk2OSw2XQ==" -} \ No newline at end of file diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/visualization/osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040.json deleted file mode 100644 index 12c4baf64bae..000000000000 
--- a/packages/osquery_manager/kibana/visualization/osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Info OSSEC rootkit [Osquery Manager]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"This dashboard shows data collected by the ossec-rootkit pack from osquery.\"},\"title\":\"Info OSSEC rootkit [Osquery Manager]\",\"type\":\"markdown\"}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkyMCw2XQ==" -} \ No newline at end of file diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json b/packages/osquery_manager/kibana/visualization/osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json deleted file mode 100644 index dce215b2b035..000000000000 --- a/packages/osquery_manager/kibana/visualization/osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "savedSearchRefName": "search_0", - "title": "Mounts by type [Osquery Manager]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.path\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.type\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"},\"title\":\"Mounts by type [Osquery Manager]\",\"type\":\"pie\"}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [ - { - "id": "osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkxMiw2XQ==" -} \ No newline at end of file diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/visualization/osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040.json deleted file mode 100644 index 73e47dac2482..000000000000 --- a/packages/osquery_manager/kibana/visualization/osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "savedSearchRefName": "search_0", - "title": "Number of hosts infected [Osquery Manager]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Hosts\",\"field\":\"agent.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":40,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Number of hosts infected [Osquery Manager]\",\"type\":\"metric\"}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [ - { - "id": "osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkyMyw2XQ==" -} \ No newline at end of file diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/visualization/osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040.json deleted file mode 100644 index be0596b27059..000000000000 --- a/packages/osquery_manager/kibana/visualization/osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "savedSearchRefName": "search_0", - "title": "Number of rootkits found [Osquery Manager]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Rootkits\",\"field\":\"action_id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":40,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Number of rootkits found [Osquery Manager]\",\"type\":\"metric\"}" - }, - "coreMigrationVersion": "8.2.0", - "id": "osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "8.1.0" - }, - "references": [ - { - "id": "osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization", - "updated_at": "2022-03-18T16:51:37.575Z", - "version": "WzE2NzkyMiw2XQ==" -} \ No newline at end of file diff --git a/packages/osquery_manager/manifest.yml b/packages/osquery_manager/manifest.yml index 983caeb6f552..6e688a513ff3 100644 --- a/packages/osquery_manager/manifest.yml +++ b/packages/osquery_manager/manifest.yml 
@@ -1,15 +1,15 @@
 format_version: 1.0.0
 name: osquery_manager
 title: Osquery Manager
-version: 1.7.4
+version: 1.8.4
 license: basic
-description: Deploy osquery with Elastic Agent, then run and schedule queries in Kibana
+description: Deploy Osquery with Elastic Agent, then run and schedule queries in Kibana
 type: integration
 release: ga
 categories:
 - security
 conditions:
- kibana.version: ^8.7.0
+ kibana.version: ^8.7.1
 icons:
 - src: /img/logo_osquery.svg
 title: logo osquery