diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml
index 5881409044c..ee58025fd1d 100644
--- a/packages/checkpoint/changelog.yml
+++ b/packages/checkpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.17.0"
+ changes:
+ - description: Add dashboards.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/5472
 - version: "1.16.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/checkpoint/img/addresses_and_ports.png b/packages/checkpoint/img/addresses_and_ports.png
new file mode 100644
index 00000000000..5d32e047d3a
Binary files /dev/null and b/packages/checkpoint/img/addresses_and_ports.png differ
diff --git a/packages/checkpoint/img/overview.png b/packages/checkpoint/img/overview.png
new file mode 100644
index 00000000000..8d5829aef9e
Binary files /dev/null and b/packages/checkpoint/img/overview.png differ
diff --git a/packages/checkpoint/img/time_and_place.png b/packages/checkpoint/img/time_and_place.png
new file mode 100644
index 00000000000..dbca63cc28f
Binary files /dev/null and b/packages/checkpoint/img/time_and_place.png differ
diff --git a/packages/checkpoint/img/time_and_traffic.png b/packages/checkpoint/img/time_and_traffic.png
new file mode 100644
index 00000000000..fa511e1f667
Binary files /dev/null and b/packages/checkpoint/img/time_and_traffic.png differ
diff --git a/packages/checkpoint/kibana/dashboard/checkpoint-259c5770-bd5b-11ed-b58e-dda7b2de7340.json b/packages/checkpoint/kibana/dashboard/checkpoint-259c5770-bd5b-11ed-b58e-dda7b2de7340.json
new file mode 100644
index 00000000000..ebea06109fb
--- /dev/null
+++ b/packages/checkpoint/kibana/dashboard/checkpoint-259c5770-bd5b-11ed-b58e-dda7b2de7340.json
@@ -0,0 +1,1925 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"b4a6c55d-4c6c-49d4-a81c-64fbe1ff1255\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Action\",\"id\":\"b4a6c55d-4c6c-49d4-a81c-64fbe1ff1255\",\"enhancements\":{}}},\"7387eaf0-811d-473e-824c-0668139e5f93\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"network.name\",\"title\":\"Network Name\",\"id\":\"7387eaf0-811d-473e-824c-0668139e5f93\",\"enhancements\":{}}}}" + }, + "description": "Overview of Check Point firewall logs.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5e16c147-4fa7-461f-986a-9e3a9ef9a1da": { + "columnOrder": [ + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280" + ], + "columns": { + 
"31ea7a4c-5b88-4a0d-9e28-e6aef9f63280": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280", + "layerId": "5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "8e1d3704-659d-45bd-81e9-c12d8711ed0e", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "8e1d3704-659d-45bd-81e9-c12d8711ed0e", + "title": "Total Events", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-49437170-deba-480e-ab7f-23c8f5160cfb", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "49437170-deba-480e-ab7f-23c8f5160cfb": { + "columnOrder": [ + "f8d221fc-9151-4df2-b62e-cfe69d628c37", + "fd11de3a-b963-43a2-aad4-53bee0c689bf", + "8a99481a-1880-4d17-87c5-829d963fe4d5" + ], + "columns": { + "8a99481a-1880-4d17-87c5-829d963fe4d5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "f8d221fc-9151-4df2-b62e-cfe69d628c37": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + 
"missingBucket": false, + "orderBy": { + "columnId": "8a99481a-1880-4d17-87c5-829d963fe4d5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "fd11de3a-b963-43a2-aad4-53bee0c689bf": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "8a99481a-1880-4d17-87c5-829d963fe4d5" + ], + "layerId": "49437170-deba-480e-ab7f-23c8f5160cfb", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "f8d221fc-9151-4df2-b62e-cfe69d628c37", + "xAccessor": "fd11de3a-b963-43a2-aad4-53bee0c689bf" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + 
"eventId": "db24840e-afff-46fe-86b5-a1948f1dd3ac", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "9a470277-f4c0-4490-b34d-90f662e6b27d", + "w": 40, + "x": 8, + "y": 0 + }, + "panelIndex": "9a470277-f4c0-4490-b34d-90f662e6b27d", + "title": "Actions Over Time", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "# **Check Point Overview**\n\n- [Time and Place](#/view/checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f)\n- [Time and Traffic](#/view/checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340)\n- [Addresses and Ports](#/view/checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 7, + "i": "2ac5817d-9a4e-43bd-91fe-25ee3d24ab71", + "w": 16, + "x": 0, + "y": 7 + }, + "panelIndex": "2ac5817d-9a4e-43bd-91fe-25ee3d24ab71", + "type": "visualization", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5e16c147-4fa7-461f-986a-9e3a9ef9a1da": { + "columnOrder": [ + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280" + ], + "columns": { + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of source.ip", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} 
+ } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280", + "layerId": "5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "9a7f33dd-3de7-4c45-95b0-8543c21db75e", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "04aea677-b846-40dd-9e01-4b246f8324a1", + "w": 8, + "x": 16, + "y": 7 + }, + "panelIndex": "04aea677-b846-40dd-9e01-4b246f8324a1", + "title": "Unique Source IPs", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5e16c147-4fa7-461f-986a-9e3a9ef9a1da": { + "columnOrder": [ + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280" + ], + "columns": { + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of destination.ip", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280", + "layerId": 
"5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "f673ef42-5c77-46e3-b294-4b0b483eef8d", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "b0dbf46e-dc60-441e-afbf-e079af59a189", + "w": 8, + "x": 32, + "y": 7 + }, + "panelIndex": "b0dbf46e-dc60-441e-afbf-e079af59a189", + "title": "Unique Destination IPs", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5e16c147-4fa7-461f-986a-9e3a9ef9a1da": { + "columnOrder": [ + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280" + ], + "columns": { + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of destination.nat.ip", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "destination.nat.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280", + "layerId": "5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + 
"action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "2c48ae84-2abe-49bb-b83a-9ae6b809efe2", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "c1122e77-a7b8-4c22-ba20-30e4b3fe4435", + "w": 8, + "x": 40, + "y": 7 + }, + "panelIndex": "c1122e77-a7b8-4c22-ba20-30e4b3fe4435", + "title": "Unique Destination NAT IPs", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5e16c147-4fa7-461f-986a-9e3a9ef9a1da": { + "columnOrder": [ + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280" + ], + "columns": { + "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of source.nat.ip", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "source.nat.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "31ea7a4c-5b88-4a0d-9e28-e6aef9f63280", + "layerId": "5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": 
"4e2ead56-67cc-471e-95ee-328910250e51", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "8e73db48-5fa5-41a7-bd72-fc57420c788b", + "w": 8, + "x": 24, + "y": 7 + }, + "panelIndex": "8e73db48-5fa5-41a7-bd72-fc57420c788b", + "title": "Unique Source NAT IPs", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650", + "99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.application", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + 
"missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "number", + "isBucketed": true, + "label": "Top 5 values of source.port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.port" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "60c3e5c8-a077-42ba-b766-b6ff9ff6b4fc", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + 
"hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ba72b185-1f20-45a1-bdc9-16de58df65fd", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "ba72b185-1f20-45a1-bdc9-16de58df65fd", + "title": "Source Transport, Application and Port", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of source.geo.country_iso_code", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_iso_code" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of source.as.organization.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": 
"1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.as.organization.name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "acbf5a1c-18ed-4ca3-8a4d-bfbbfb50a025", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "471a1fad-919d-44f8-8861-b0f18bd9dfd3", + "w": 16, + "x": 32, + "y": 14 + }, + "panelIndex": "471a1fad-919d-44f8-8861-b0f18bd9dfd3", + "title": "Source Organisation and Country", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + 
"99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.application", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + 
"parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "32b70f05-35c4-41d7-ad14-935fd3fca294", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b9eeb178-c253-44b4-8bf4-e3c8523df550", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "b9eeb178-c253-44b4-8bf4-e3c8523df550", + "title": "Action by Traffic and Application", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650", + 
"99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.application", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "number", + "isBucketed": true, + "label": "Top 5 values of source.port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": 
"ordinal", + "sourceField": "source.port" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "0304e90b-696d-48bd-aa6c-eb5b84012ee8", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "73af3fd7-6ad4-49ba-ac82-a77ea5ceb085", + "w": 16, + "x": 16, + "y": 29 + }, + "panelIndex": "73af3fd7-6ad4-49ba-ac82-a77ea5ceb085", + "title": "Destination Transport, Application and Port", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + 
"02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of destination.geo.country_iso_code", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_iso_code" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of destination.as.organization.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.as.organization.name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + 
"99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "3185748b-cfdb-4b4f-bd0f-174ce5f1c14b", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b34e7f82-8429-4917-9d55-89dd99aeafe5", + "w": 16, + "x": 32, + "y": 29 + }, + "panelIndex": "b34e7f82-8429-4917-9d55-89dd99aeafe5", + "title": "Destination Organisation and Country", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + 
"1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.application", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + 
"5c3ddd49-8285-468d-ab1d-2ffc40c8a650" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Dashboard" + }, + "eventId": "2eea0b88-2380-4d7c-bae4-804fbd7116e2", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "c9d425ce-0194-4158-bb44-f0d941c386e4", + "w": 16, + "x": 0, + "y": 29 + }, + "panelIndex": "c9d425ce-0194-4158-bb44-f0d941c386e4", + "title": "Traffic and Application by Network", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "343047af-e3d9-44c7-8fb4-f425c0c1345e", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "343047af-e3d9-44c7-8fb4-f425c0c1345e", + "title": "Log stream", + "type": "LOG_STREAM_EMBEDDABLE", + "version": "8.6.1" + } + ], + "timeRestore": false, + "title": "[Check Point] Overview", + "version": 1 + }, + "coreMigrationVersion": "8.6.1", + "created_at": "2023-03-08T05:08:57.078Z", + "id": "checkpoint-259c5770-bd5b-11ed-b58e-dda7b2de7340", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8e1d3704-659d-45bd-81e9-c12d8711ed0e:indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a470277-f4c0-4490-b34d-90f662e6b27d:indexpattern-datasource-layer-49437170-deba-480e-ab7f-23c8f5160cfb", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": 
"9a470277-f4c0-4490-b34d-90f662e6b27d:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:db24840e-afff-46fe-86b5-a1948f1dd3ac:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "04aea677-b846-40dd-9e01-4b246f8324a1:indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + }, + { + "id": "checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4", + "name": "04aea677-b846-40dd-9e01-4b246f8324a1:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9a7f33dd-3de7-4c45-95b0-8543c21db75e:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "b0dbf46e-dc60-441e-afbf-e079af59a189:indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + }, + { + "id": "checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4", + "name": "b0dbf46e-dc60-441e-afbf-e079af59a189:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:f673ef42-5c77-46e3-b294-4b0b483eef8d:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "c1122e77-a7b8-4c22-ba20-30e4b3fe4435:indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + }, + { + "id": "checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4", + "name": "c1122e77-a7b8-4c22-ba20-30e4b3fe4435:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:2c48ae84-2abe-49bb-b83a-9ae6b809efe2:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "8e73db48-5fa5-41a7-bd72-fc57420c788b:indexpattern-datasource-layer-5e16c147-4fa7-461f-986a-9e3a9ef9a1da", + "type": "index-pattern" + }, + { + "id": "checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4", + "name": "8e73db48-5fa5-41a7-bd72-fc57420c788b:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:4e2ead56-67cc-471e-95ee-328910250e51:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "ba72b185-1f20-45a1-bdc9-16de58df65fd:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", 
+ "name": "ba72b185-1f20-45a1-bdc9-16de58df65fd:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:60c3e5c8-a077-42ba-b766-b6ff9ff6b4fc:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "471a1fad-919d-44f8-8861-b0f18bd9dfd3:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "name": "471a1fad-919d-44f8-8861-b0f18bd9dfd3:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:acbf5a1c-18ed-4ca3-8a4d-bfbbfb50a025:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "b9eeb178-c253-44b4-8bf4-e3c8523df550:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "b9eeb178-c253-44b4-8bf4-e3c8523df550:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:32b70f05-35c4-41d7-ad14-935fd3fca294:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "73af3fd7-6ad4-49ba-ac82-a77ea5ceb085:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "73af3fd7-6ad4-49ba-ac82-a77ea5ceb085:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:0304e90b-696d-48bd-aa6c-eb5b84012ee8:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "b34e7f82-8429-4917-9d55-89dd99aeafe5:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "name": "b34e7f82-8429-4917-9d55-89dd99aeafe5:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:3185748b-cfdb-4b4f-bd0f-174ce5f1c14b:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "c9d425ce-0194-4158-bb44-f0d941c386e4:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": 
"checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "c9d425ce-0194-4158-bb44-f0d941c386e4:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:2eea0b88-2380-4d7c-bae4-804fbd7116e2:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "controlGroup_b4a6c55d-4c6c-49d4-a81c-64fbe1ff1255:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_7387eaf0-811d-473e-824c-0668139e5f93:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/checkpoint/kibana/dashboard/checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340.json b/packages/checkpoint/kibana/dashboard/checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340.json new file mode 100644 index 00000000000..c118a8a5879 --- /dev/null +++ b/packages/checkpoint/kibana/dashboard/checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340.json 
@@ -0,0 +1,999 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"c2bc8172-2ae5-420d-9c66-b9a14fd9a6ff\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"timeSlider\",\"explicitInput\":{\"title\":\"Time slider\",\"id\":\"c2bc8172-2ae5-420d-9c66-b9a14fd9a6ff\",\"timesliceStartAsPercentageOfTimeRange\":0.42524339351851853,\"timesliceEndAsPercentageOfTimeRange\":0.8287772947530864,\"enhancements\":{}}},\"03a22b77-28d1-4a04-a2c4-a391cbe39184\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Action\",\"id\":\"03a22b77-28d1-4a04-a2c4-a391cbe39184\",\"enhancements\":{}}}}" + }, + "description": "Display temporal and traffic-type logged by the firewall.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07a5779c-249e-40e0-bdc2-66a9248b1ec6", + "type": "index-pattern" + } + ], + "state": { + 
"adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "d68976f9-9619-4c37-a933-775ad7f1698d", + "bcfcc83c-acc5-4f70-901f-7fdc0db6ee95", + "77f83df5-a112-474d-826e-b74314cb20aa" + ], + "columns": { + "77f83df5-a112-474d-826e-b74314cb20aa": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bcfcc83c-acc5-4f70-901f-7fdc0db6ee95": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d68976f9-9619-4c37-a933-775ad7f1698d": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "77f83df5-a112-474d-826e-b74314cb20aa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "07a5779c-249e-40e0-bdc2-66a9248b1ec6", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + 
"isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "77f83df5-a112-474d-826e-b74314cb20aa", + "xAccessor": "bcfcc83c-acc5-4f70-901f-7fdc0db6ee95", + "yAccessor": "d68976f9-9619-4c37-a933-775ad7f1698d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55", + "w": 27, + "x": 0, + "y": 0 + }, + "panelIndex": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55", + "title": "Action", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f7551f3d-5efd-4fb2-bb69-38618e9a9036": { + "columnOrder": [ + "60dce627-4f4a-43a3-9f6d-bd75a202fab0", + "030f0336-8f78-4077-9777-f78162dd97e3", + "9ed27413-6e4a-4e94-a0bc-555561bf6d98", + "44b55436-f051-4008-bfda-c4ad336ed0cd" + ], + "columns": { + "030f0336-8f78-4077-9777-f78162dd97e3": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"network.transport" + }, + "44b55436-f051-4008-bfda-c4ad336ed0cd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "60dce627-4f4a-43a3-9f6d-bd75a202fab0": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "9ed27413-6e4a-4e94-a0bc-555561bf6d98": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.direction", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.direction" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "44b55436-f051-4008-bfda-c4ad336ed0cd" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "9ed27413-6e4a-4e94-a0bc-555561bf6d98", + "60dce627-4f4a-43a3-9f6d-bd75a202fab0", + 
"030f0336-8f78-4077-9777-f78162dd97e3" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 20, + "i": "bb090f86-b705-441a-bd4f-ff013566a870", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "bb090f86-b705-441a-bd4f-ff013566a870", + "title": "Action Direction and Transport", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9623a2b-62ce-45a7-ac4c-910ece8f41c4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "78724afd-3569-45b7-b2b5-ade751660c02", + "7dedbfb8-48b8-4038-a460-868336bdcebd", + "75d23ed7-d76e-45e5-8ecb-2ace52c03e11" + ], + "columns": { + "75d23ed7-d76e-45e5-8ecb-2ace52c03e11": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "78724afd-3569-45b7-b2b5-ade751660c02": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.direction", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "75d23ed7-d76e-45e5-8ecb-2ace52c03e11", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.direction" + }, + "7dedbfb8-48b8-4038-a460-868336bdcebd": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + 
"operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "b9623a2b-62ce-45a7-ac4c-910ece8f41c4", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "75d23ed7-d76e-45e5-8ecb-2ace52c03e11", + "xAccessor": "7dedbfb8-48b8-4038-a460-868336bdcebd", + "yAccessor": "78724afd-3569-45b7-b2b5-ade751660c02" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "5220ed40-ee5c-4aae-af10-35a04126615c", + "w": 27, + "x": 0, + "y": 8 + }, + "panelIndex": "5220ed40-ee5c-4aae-af10-35a04126615c", + "title": "Network Direction", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84dc475d-9b90-4783-b018-516bd75a3f4c", + "type": 
"index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "9e28538f-c1e4-4907-9c94-4d2f6fde5e03", + "fd1f498a-3a13-4224-9118-2026d4de9e05", + "dacc72b5-650c-4b22-a6b2-33bc27e009a1" + ], + "columns": { + "9e28538f-c1e4-4907-9c94-4d2f6fde5e03": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "dacc72b5-650c-4b22-a6b2-33bc27e009a1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fd1f498a-3a13-4224-9118-2026d4de9e05": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "84dc475d-9b90-4783-b018-516bd75a3f4c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" 
+ }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "xAccessor": "fd1f498a-3a13-4224-9118-2026d4de9e05", + "yAccessor": "9e28538f-c1e4-4907-9c94-4d2f6fde5e03" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "d117323b-c652-401a-938e-51d20c7be58c", + "w": 27, + "x": 0, + "y": 15 + }, + "panelIndex": "d117323b-c652-401a-938e-51d20c7be58c", + "title": "Transport", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"locale\":\"autoselect\",\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"1b84e1d2-1cb5-4287-a681-d1622795e423\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"EMS_VECTOR_TILE\",\"color\":\"\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"id\":\"372610af-5ea1-4fca-b58e-b2074dcc3cc9\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"theclassic\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":10,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeA
ware\":true},\"id\":\"06999fd6-0403-4553-9d41-4e5495200227\",\"label\":\"Traffic Links\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.1,\"visible\":true,\"includeInFitToBounds\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"FINE\",\"id\":\"e31f159d-257f-494d-a1ed-a2ce518f955f\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"fdac5a51-e1c2-416a-bff9-49a6d41ce91a\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"Reds\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"FINE\",\"id\":\"1c0e03aa-5414-412f-a201-dbc93f3760e3\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"2700448b-b576-470b-9426-ab6e4550cb00\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"Greens\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", + "mapStateJSON": 
"{\"adHocDataViews\":[],\"zoom\":1.67,\"center\":{\"lon\":-20.31667,\"lat\":0},\"timeFilters\":{\"from\":\"now-15d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"keydownScrollZoom\":false,\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[\"fdac5a51-e1c2-416a-bff9-49a6d41ce91a\",\"2700448b-b576-470b-9426-ab6e4550cb00\",\"06999fd6-0403-4553-9d41-4e5495200227\"]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 360, + "minLat": -85.05113, + "minLon": -360 + }, + "mapCenter": { + "lat": 12.90738, + "lon": 11.23331, + "zoom": 0.38 + }, + "openTOCDetails": [ + "fdac5a51-e1c2-416a-bff9-49a6d41ce91a", + "2700448b-b576-470b-9426-ab6e4550cb00" + ] + }, + "gridData": { + "h": 18, + "i": "1bb4d88d-e80b-4d8f-a60c-1402704f442f", + "w": 21, + "x": 27, + "y": 20 + }, + "panelIndex": "1bb4d88d-e80b-4d8f-a60c-1402704f442f", + "title": "Traffic Map", + "type": "map", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95046f1a-8f94-4256-a6dc-1797587d4002", + "type": 
"index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "6b7ff1d0-651f-4505-a097-58bf127cfbf8", + "fd1f498a-3a13-4224-9118-2026d4de9e05", + "dacc72b5-650c-4b22-a6b2-33bc27e009a1" + ], + "columns": { + "6b7ff1d0-651f-4505-a097-58bf127cfbf8": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.application", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" + }, + "dacc72b5-650c-4b22-a6b2-33bc27e009a1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fd1f498a-3a13-4224-9118-2026d4de9e05": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "95046f1a-8f94-4256-a6dc-1797587d4002", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": 
"" + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "xAccessor": "fd1f498a-3a13-4224-9118-2026d4de9e05", + "yAccessor": "6b7ff1d0-651f-4505-a097-58bf127cfbf8" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e", + "w": 27, + "x": 0, + "y": 23 + }, + "panelIndex": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e", + "title": "Application", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "### Time and Traffic Type for Check Point firewall\n\nThe time and traffic type dashboard gives a temporal and traffic-type view of traffic logged by the firewall.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 7, + "i": "8c4e232e-be94-456e-97fa-dd1afe5a8a8f", + "w": 27, + "x": 0, + "y": 31 + }, + "panelIndex": "8c4e232e-be94-456e-97fa-dd1afe5a8a8f", + "title": "Description", + "type": "visualization", + "version": "8.6.1" + } + ], + "timeRestore": false, + "title": "[Check Point] Time and Traffic", + "version": 1 + }, + "coreMigrationVersion": "8.6.1", + "created_at": "2023-03-08T05:09:22.176Z", + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + 
"migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55:07a5779c-249e-40e0-bdc2-66a9248b1ec6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bb090f86-b705-441a-bd4f-ff013566a870:indexpattern-datasource-layer-f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5220ed40-ee5c-4aae-af10-35a04126615c:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5220ed40-ee5c-4aae-af10-35a04126615c:b9623a2b-62ce-45a7-ac4c-910ece8f41c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d117323b-c652-401a-938e-51d20c7be58c:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d117323b-c652-401a-938e-51d20c7be58c:84dc475d-9b90-4783-b018-516bd75a3f4c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1bb4d88d-e80b-4d8f-a60c-1402704f442f:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1bb4d88d-e80b-4d8f-a60c-1402704f442f:layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1bb4d88d-e80b-4d8f-a60c-1402704f442f:layer_3_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e:95046f1a-8f94-4256-a6dc-1797587d4002", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "controlGroup_03a22b77-28d1-4a04-a2c4-a391cbe39184:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/checkpoint/kibana/dashboard/checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4.json b/packages/checkpoint/kibana/dashboard/checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4.json new file mode 100644 index 00000000000..86d83306887 --- /dev/null +++ b/packages/checkpoint/kibana/dashboard/checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4.json 
@@ -0,0 +1,1301 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"b4a6c55d-4c6c-49d4-a81c-64fbe1ff1255\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Action\",\"id\":\"b4a6c55d-4c6c-49d4-a81c-64fbe1ff1255\",\"enhancements\":{}}},\"7387eaf0-811d-473e-824c-0668139e5f93\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"network.name\",\"title\":\"Network Name\",\"id\":\"7387eaf0-811d-473e-824c-0668139e5f93\",\"enhancements\":{},\"selectedOptions\":[]}},\"33169cc2-ccd0-4b2c-9513-deccebca4fd4\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"network.transport\",\"title\":\"Transport\",\"id\":\"33169cc2-ccd0-4b2c-9513-deccebca4fd4\",\"enhancements\":{}}}}" + }, + "description": "Display IP addresses and ports logged by Check Point firewall.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "44622c39-742c-4858-b778-36290f24d715", + "99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "44622c39-742c-4858-b778-36290f24d715": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.name" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "network.transport" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "44622c39-742c-4858-b778-36290f24d715", + "99276086-6365-4b8a-9732-7168754a26c9" + ] + } + ], + "shape": "treemap" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "ef362910-58d6-4cc7-bda6-6947ea333ea4", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "7f1254d8-c0e5-4285-a2e1-ae7f599ec604", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "7f1254d8-c0e5-4285-a2e1-ae7f599ec604", + "title": "Transport by Network Name", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 5 values of source.ip", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, 
+ "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650": { + "dataType": "number", + "isBucketed": true, + "label": "Top 5 values of source.port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.port" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": 
"data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "e6b3416e-0a8a-4f40-8ff9-a3c2002c0c1c", + "triggers": [ + "FILTER_TRIGGER" + ] + }, + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Place Dashboard" + }, + "eventId": "b897b52c-8a0d-4dc8-97f4-aacc5baebfa7", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 21, + "i": "b9eeb178-c253-44b4-8bf4-e3c8523df550", + "w": 24, + "x": 0, + "y": 7 + }, + "panelIndex": "b9eeb178-c253-44b4-8bf4-e3c8523df550", + "title": "Action by Source Address and Port", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "02a3e828-248e-4c9c-b220-1d6cc9d18825": { + 
"dataType": "ip", + "isBucketed": true, + "label": "Top 5 values of destination.ip", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650": { + "dataType": "number", + "isBucketed": true, + "label": "Top 5 values of destination.port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.port" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": 
{} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "02a3e828-248e-4c9c-b220-1d6cc9d18825", + "5c3ddd49-8285-468d-ab1d-2ffc40c8a650" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "3c2f2d53-4cc3-45d2-ab74-33988176bff7", + "triggers": [ + "FILTER_TRIGGER" + ] + }, + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Place Dashboard" + }, + "eventId": "a2ba2ce1-1bcd-4004-a2c4-7fa178c94049", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 21, + "i": "b7abaefb-d25d-40c9-a26d-bb4c49a15fb7", + "w": 24, + "x": 24, + "y": 7 + }, + "panelIndex": "b7abaefb-d25d-40c9-a26d-bb4c49a15fb7", + "title": "Action by Destination Address and Port", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + 
"columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 10 values of source.ip", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9" + ] + } + ], + "shape": "treemap" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Place Dashboard" + }, + "eventId": "25eede3b-6417-48d9-9af3-b02575a5e52f", + "triggers": [ + "FILTER_TRIGGER" + ] + }, + { + "action": { + 
"config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "b0cb6241-44a0-402c-8009-504e02ce81f3", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "c9d425ce-0194-4158-bb44-f0d941c386e4", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "c9d425ce-0194-4158-bb44-f0d941c386e4", + "title": "Source IP Address", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 10 values of destination.ip", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + 
"internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9" + ] + } + ], + "shape": "treemap" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Place Dashboard" + }, + "eventId": "7c029dda-8f70-4154-929f-28edaaa36c96", + "triggers": [ + "FILTER_TRIGGER" + ] + }, + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "a9d23a48-353c-498e-bc35-3b54e4ae9963", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "cfccd943-e715-4f23-9a68-987c92ad56a9", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "cfccd943-e715-4f23-9a68-987c92ad56a9", + "title": "Destination IP Address", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + 
"1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "number", + "isBucketed": true, + "label": "Top 10 values of source.port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.port" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9" + ] + } + ], + "shape": "treemap" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "e97977ec-5a6c-4fcd-96cb-51ff0964ff4a", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "bb208876-3632-440f-8c8a-d474d988560f", + "w": 24, + 
"x": 0, + "y": 41 + }, + "panelIndex": "bb208876-3632-440f-8c8a-d474d988560f", + "title": "Source Port", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f59bec67-4ffc-419c-a3db-56345d39f374": { + "columnOrder": [ + "99276086-6365-4b8a-9732-7168754a26c9", + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "columns": { + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "99276086-6365-4b8a-9732-7168754a26c9": { + "dataType": "number", + "isBucketed": true, + "label": "Top 10 values of destination.port", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1f2617b2-fe7c-47da-b3ee-22bacca0fe31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.port" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f59bec67-4ffc-419c-a3db-56345d39f374", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "1f2617b2-fe7c-47da-b3ee-22bacca0fe31" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "99276086-6365-4b8a-9732-7168754a26c9" 
+ ] + } + ], + "shape": "treemap" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": { + "dynamicActions": { + "events": [ + { + "action": { + "config": { + "openInNewTab": false, + "useCurrentDateRange": true, + "useCurrentFilters": true + }, + "factoryId": "DASHBOARD_TO_DASHBOARD_DRILLDOWN", + "name": "Go to Time and Traffic Dashboard" + }, + "eventId": "888b8b43-a76b-476c-9474-10977746c52c", + "triggers": [ + "FILTER_TRIGGER" + ] + } + ] + } + }, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "d1b79050-b6cc-4c2c-97db-244deac3353c", + "w": 24, + "x": 24, + "y": 41 + }, + "panelIndex": "d1b79050-b6cc-4c2c-97db-244deac3353c", + "title": "Destination Port", + "type": "lens", + "version": "8.6.1" + } + ], + "timeRestore": false, + "title": "[Check Point] Addresses and Ports", + "version": 1 + }, + "coreMigrationVersion": "8.6.1", + "created_at": "2023-03-08T05:09:41.084Z", + "id": "checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7f1254d8-c0e5-4285-a2e1-ae7f599ec604:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "7f1254d8-c0e5-4285-a2e1-ae7f599ec604:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:ef362910-58d6-4cc7-bda6-6947ea333ea4:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "b9eeb178-c253-44b4-8bf4-e3c8523df550:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "b9eeb178-c253-44b4-8bf4-e3c8523df550:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:e6b3416e-0a8a-4f40-8ff9-a3c2002c0c1c:dashboardId", + "type": 
"dashboard" + }, + { + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "name": "b9eeb178-c253-44b4-8bf4-e3c8523df550:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:b897b52c-8a0d-4dc8-97f4-aacc5baebfa7:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "b7abaefb-d25d-40c9-a26d-bb4c49a15fb7:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "b7abaefb-d25d-40c9-a26d-bb4c49a15fb7:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:3c2f2d53-4cc3-45d2-ab74-33988176bff7:dashboardId", + "type": "dashboard" + }, + { + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "name": "b7abaefb-d25d-40c9-a26d-bb4c49a15fb7:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:a2ba2ce1-1bcd-4004-a2c4-7fa178c94049:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "c9d425ce-0194-4158-bb44-f0d941c386e4:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "name": "c9d425ce-0194-4158-bb44-f0d941c386e4:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:25eede3b-6417-48d9-9af3-b02575a5e52f:dashboardId", + "type": "dashboard" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "c9d425ce-0194-4158-bb44-f0d941c386e4:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:b0cb6241-44a0-402c-8009-504e02ce81f3:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "cfccd943-e715-4f23-9a68-987c92ad56a9:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "name": "cfccd943-e715-4f23-9a68-987c92ad56a9:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:7c029dda-8f70-4154-929f-28edaaa36c96:dashboardId", + "type": "dashboard" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": 
"cfccd943-e715-4f23-9a68-987c92ad56a9:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:a9d23a48-353c-498e-bc35-3b54e4ae9963:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "bb208876-3632-440f-8c8a-d474d988560f:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "bb208876-3632-440f-8c8a-d474d988560f:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:e97977ec-5a6c-4fcd-96cb-51ff0964ff4a:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "d1b79050-b6cc-4c2c-97db-244deac3353c:indexpattern-datasource-layer-f59bec67-4ffc-419c-a3db-56345d39f374", + "type": "index-pattern" + }, + { + "id": "checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340", + "name": "d1b79050-b6cc-4c2c-97db-244deac3353c:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:888b8b43-a76b-476c-9474-10977746c52c:dashboardId", + "type": "dashboard" + }, + { + "id": "logs-*", + "name": "controlGroup_b4a6c55d-4c6c-49d4-a81c-64fbe1ff1255:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_7387eaf0-811d-473e-824c-0668139e5f93:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_33169cc2-ccd0-4b2c-9513-deccebca4fd4:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/checkpoint/kibana/dashboard/checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f.json b/packages/checkpoint/kibana/dashboard/checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f.json new file mode 100644 index 00000000000..5d202e5e404 --- /dev/null +++ b/packages/checkpoint/kibana/dashboard/checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f.json 
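Review bot: The four treemap panels in this hunk ("Source IP Address", "Destination IP Address", "Source Port", "Destination Port") combine `"otherBucket": false` with `"numberDisplay": "percent"`, so each slice's percentage is computed over the top-10 buckets only rather than over every record matching the dashboard filter, while the two donut panels above use `"otherBucket": true` and therefore show percentages on a different basis within the same dashboard. An analyst reading "this source accounts for 40%" off the treemap will over-estimate that host's share once the long tail is dropped, which matters for a view meant to surface top talkers and targeted ports. Suggest `"otherBucket": true` on those four terms columns for consistency with the donuts, or `"numberDisplay": "value"` so raw counts are shown instead. These panels also carry `"filters": []` and rely entirely on the dashboard-level `data_stream.dataset` filter over `logs-*`, unlike the heatmap in the Time and Traffic dashboard which pins that filter inside the panel; that is fine while the panels stay here, but worth noting if they are later copied to another dashboard.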
@@ -0,0 +1,1170 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"c2bc8172-2ae5-420d-9c66-b9a14fd9a6ff\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"timeSlider\",\"explicitInput\":{\"title\":\"Time slider\",\"id\":\"c2bc8172-2ae5-420d-9c66-b9a14fd9a6ff\",\"timesliceStartAsPercentageOfTimeRange\":0.42524339351851853,\"timesliceEndAsPercentageOfTimeRange\":0.8287772947530864,\"enhancements\":{}}},\"03a22b77-28d1-4a04-a2c4-a391cbe39184\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Action\",\"id\":\"03a22b77-28d1-4a04-a2c4-a391cbe39184\",\"enhancements\":{}}}}" + }, + "description": "Display geo-temporal and organisational traffic logged by the firewall.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07a5779c-249e-40e0-bdc2-66a9248b1ec6", + "type": "index-pattern" + } + ], + "state": { 
+ "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "d68976f9-9619-4c37-a933-775ad7f1698d", + "bcfcc83c-acc5-4f70-901f-7fdc0db6ee95", + "77f83df5-a112-474d-826e-b74314cb20aa" + ], + "columns": { + "77f83df5-a112-474d-826e-b74314cb20aa": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bcfcc83c-acc5-4f70-901f-7fdc0db6ee95": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d68976f9-9619-4c37-a933-775ad7f1698d": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.action", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "77f83df5-a112-474d-826e-b74314cb20aa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "07a5779c-249e-40e0-bdc2-66a9248b1ec6", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + 
"isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "77f83df5-a112-474d-826e-b74314cb20aa", + "xAccessor": "bcfcc83c-acc5-4f70-901f-7fdc0db6ee95", + "yAccessor": "d68976f9-9619-4c37-a933-775ad7f1698d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55", + "w": 27, + "x": 0, + "y": 0 + }, + "panelIndex": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55", + "title": "Action", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f7551f3d-5efd-4fb2-bb69-38618e9a9036": { + "columnOrder": [ + "b75e35d1-15b6-4dec-aff3-460b8a6524d8", + "030f0336-8f78-4077-9777-f78162dd97e3", + "9ed27413-6e4a-4e94-a0bc-555561bf6d98", + "44b55436-f051-4008-bfda-c4ad336ed0cd" + ], + "columns": { + "030f0336-8f78-4077-9777-f78162dd97e3": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"network.transport" + }, + "44b55436-f051-4008-bfda-c4ad336ed0cd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "9ed27413-6e4a-4e94-a0bc-555561bf6d98": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.direction", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.direction" + }, + "b75e35d1-15b6-4dec-aff3-460b8a6524d8": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of source.as.organization.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.as.organization.name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "44b55436-f051-4008-bfda-c4ad336ed0cd" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "b75e35d1-15b6-4dec-aff3-460b8a6524d8", + 
"030f0336-8f78-4077-9777-f78162dd97e3", + "9ed27413-6e4a-4e94-a0bc-555561bf6d98" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 23, + "i": "bb090f86-b705-441a-bd4f-ff013566a870", + "w": 21, + "x": 27, + "y": 0 + }, + "panelIndex": "bb090f86-b705-441a-bd4f-ff013566a870", + "title": "Source Organisation and Transport Type", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9623a2b-62ce-45a7-ac4c-910ece8f41c4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "78724afd-3569-45b7-b2b5-ade751660c02", + "7dedbfb8-48b8-4038-a460-868336bdcebd", + "75d23ed7-d76e-45e5-8ecb-2ace52c03e11" + ], + "columns": { + "75d23ed7-d76e-45e5-8ecb-2ace52c03e11": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "78724afd-3569-45b7-b2b5-ade751660c02": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.direction", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "75d23ed7-d76e-45e5-8ecb-2ace52c03e11", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.direction" + }, + "7dedbfb8-48b8-4038-a460-868336bdcebd": { + "dataType": "date", + 
"isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "b9623a2b-62ce-45a7-ac4c-910ece8f41c4", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "75d23ed7-d76e-45e5-8ecb-2ace52c03e11", + "xAccessor": "7dedbfb8-48b8-4038-a460-868336bdcebd", + "yAccessor": "78724afd-3569-45b7-b2b5-ade751660c02" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 6, + "i": "5220ed40-ee5c-4aae-af10-35a04126615c", + "w": 27, + "x": 0, + "y": 7 + }, + "panelIndex": "5220ed40-ee5c-4aae-af10-35a04126615c", + "title": "Network Direction", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"2548b054-f23b-49ab-b36e-93739d57c5f0", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "0c432eaf-8f40-4448-9db1-bb601bc9bd1d", + "fd1f498a-3a13-4224-9118-2026d4de9e05", + "dacc72b5-650c-4b22-a6b2-33bc27e009a1" + ], + "columns": { + "0c432eaf-8f40-4448-9db1-bb601bc9bd1d": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of source.geo.continent_name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.geo.continent_name" + }, + "dacc72b5-650c-4b22-a6b2-33bc27e009a1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fd1f498a-3a13-4224-9118-2026d4de9e05": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2548b054-f23b-49ab-b36e-93739d57c5f0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + 
"internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "xAccessor": "fd1f498a-3a13-4224-9118-2026d4de9e05", + "yAccessor": "0c432eaf-8f40-4448-9db1-bb601bc9bd1d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "d117323b-c652-401a-938e-51d20c7be58c", + "w": 27, + "x": 0, + "y": 13 + }, + "panelIndex": "d117323b-c652-401a-938e-51d20c7be58c", + "title": "Source Continent", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7e4d0afe-2489-45cc-9d7f-758db1ba65fc", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "727f696c-b9e9-4d94-869e-768316c6f35f": { + "columnOrder": [ + "5e01ee8c-3deb-48d9-b164-d34e09393f4f", + "fd1f498a-3a13-4224-9118-2026d4de9e05", + "dacc72b5-650c-4b22-a6b2-33bc27e009a1" + ], + "columns": { + "5e01ee8c-3deb-48d9-b164-d34e09393f4f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of destination.geo.continent_name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": 
"dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.continent_name" + }, + "dacc72b5-650c-4b22-a6b2-33bc27e009a1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fd1f498a-3a13-4224-9118-2026d4de9e05": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "7e4d0afe-2489-45cc-9d7f-758db1ba65fc", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "checkpoint.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "checkpoint.firewall" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isXAxisTitleVisible": false, + "isYAxisLabelVisible": true, + "isYAxisTitleVisible": false, + "type": "heatmap_grid" + }, + "layerId": "727f696c-b9e9-4d94-869e-768316c6f35f", + "layerType": "data", + "legend": { + "isVisible": true, + "position": "right", + "type": "heatmap_legend" + }, + "shape": "heatmap", + "valueAccessor": "dacc72b5-650c-4b22-a6b2-33bc27e009a1", + "xAccessor": "fd1f498a-3a13-4224-9118-2026d4de9e05", + "yAccessor": "5e01ee8c-3deb-48d9-b164-d34e09393f4f" + } + }, + "title": "", + "type": "lens", + 
"visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e", + "w": 27, + "x": 0, + "y": 20 + }, + "panelIndex": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e", + "title": "Destination Continent", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f7551f3d-5efd-4fb2-bb69-38618e9a9036": { + "columnOrder": [ + "b2cad432-d50d-4e94-aaba-a93f5768e86c", + "97421720-6ca5-423e-9404-f5d9513da202", + "9ed27413-6e4a-4e94-a0bc-555561bf6d98", + "44b55436-f051-4008-bfda-c4ad336ed0cd" + ], + "columns": { + "44b55436-f051-4008-bfda-c4ad336ed0cd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "97421720-6ca5-423e-9404-f5d9513da202": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.transport", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "9ed27413-6e4a-4e94-a0bc-555561bf6d98": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.direction", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { 
+ "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.direction" + }, + "b2cad432-d50d-4e94-aaba-a93f5768e86c": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of destination.as.organization.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "44b55436-f051-4008-bfda-c4ad336ed0cd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.as.organization.name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "44b55436-f051-4008-bfda-c4ad336ed0cd" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "b2cad432-d50d-4e94-aaba-a93f5768e86c", + "97421720-6ca5-423e-9404-f5d9513da202", + "9ed27413-6e4a-4e94-a0bc-555561bf6d98" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 23, + "i": "03f96d28-57c5-4dd0-a141-f06e796a0f2e", + "w": 21, + "x": 27, + "y": 23 + }, + "panelIndex": "03f96d28-57c5-4dd0-a141-f06e796a0f2e", + "title": "Destination Organisation and Transport Type", + "type": "lens", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + 
"layerListJSON": "[{\"locale\":\"autoselect\",\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"1b84e1d2-1cb5-4287-a681-d1622795e423\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"EMS_VECTOR_TILE\",\"color\":\"\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"id\":\"372610af-5ea1-4fca-b58e-b2074dcc3cc9\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"theclassic\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":10,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelZoomRange\":{\"options\":{\"useLayerZoomRange\":true,\"minZoom\":0,\"maxZoom\":24}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMA
LL\"}}},\"isTimeAware\":true},\"id\":\"06999fd6-0403-4553-9d41-4e5495200227\",\"label\":\"Traffic Links\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.1,\"visible\":true,\"includeInFitToBounds\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"disableTooltips\":false},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"FINE\",\"id\":\"e31f159d-257f-494d-a1ed-a2ce518f955f\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"fdac5a51-e1c2-416a-bff9-49a6d41ce91a\",\"label\":\"Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"Reds\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"FINE\",\"id\":\"1c0e03aa-5414-412f-a201-dbc93f3760e3\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"2700448b-b576-470b-9426-ab6e4550cb00\",\"label\":\"Source\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"Greens\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", + "mapStateJSON": 
"{\"adHocDataViews\":[],\"zoom\":1.67,\"center\":{\"lon\":-20.31667,\"lat\":0},\"timeFilters\":{\"from\":\"now-15d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"keydownScrollZoom\":false,\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[\"fdac5a51-e1c2-416a-bff9-49a6d41ce91a\",\"2700448b-b576-470b-9426-ab6e4550cb00\",\"06999fd6-0403-4553-9d41-4e5495200227\"]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -180 + }, + "mapCenter": { + "lat": 2.34551, + "lon": 14.37275, + "zoom": 1.03 + }, + "openTOCDetails": [ + "fdac5a51-e1c2-416a-bff9-49a6d41ce91a", + "2700448b-b576-470b-9426-ab6e4550cb00" + ] + }, + "gridData": { + "h": 25, + "i": "1bb4d88d-e80b-4d8f-a60c-1402704f442f", + "w": 27, + "x": 0, + "y": 27 + }, + "panelIndex": "1bb4d88d-e80b-4d8f-a60c-1402704f442f", + "title": "Traffic Map", + "type": "map", + "version": "8.6.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + 
"markdown": "### Time and Place Dashboard for Check Point firewall\n\nThe time and place dashboard gives a geo-temporal and organisational view of traffic logged by the firewall.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 6, + "i": "8c4e232e-be94-456e-97fa-dd1afe5a8a8f", + "w": 21, + "x": 27, + "y": 46 + }, + "panelIndex": "8c4e232e-be94-456e-97fa-dd1afe5a8a8f", + "title": "Description", + "type": "visualization", + "version": "8.6.1" + } + ], + "timeRestore": false, + "title": "[Check Point] Time and Place", + "version": 1 + }, + "coreMigrationVersion": "8.6.1", + "created_at": "2023-03-08T05:08:35.095Z", + "id": "checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12e4a938-fef5-48fc-bb3f-7683fb5d2a55:07a5779c-249e-40e0-bdc2-66a9248b1ec6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bb090f86-b705-441a-bd4f-ff013566a870:indexpattern-datasource-layer-f7551f3d-5efd-4fb2-bb69-38618e9a9036", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5220ed40-ee5c-4aae-af10-35a04126615c:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5220ed40-ee5c-4aae-af10-35a04126615c:b9623a2b-62ce-45a7-ac4c-910ece8f41c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d117323b-c652-401a-938e-51d20c7be58c:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"d117323b-c652-401a-938e-51d20c7be58c:2548b054-f23b-49ab-b36e-93739d57c5f0",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e:indexpattern-datasource-layer-727f696c-b9e9-4d94-869e-768316c6f35f",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "0e5d4cd1-abc4-472e-b01f-a8d5023fef0e:7e4d0afe-2489-45cc-9d7f-758db1ba65fc",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "03f96d28-57c5-4dd0-a141-f06e796a0f2e:indexpattern-datasource-layer-f7551f3d-5efd-4fb2-bb69-38618e9a9036",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1bb4d88d-e80b-4d8f-a60c-1402704f442f:layer_1_source_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1bb4d88d-e80b-4d8f-a60c-1402704f442f:layer_2_source_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1bb4d88d-e80b-4d8f-a60c-1402704f442f:layer_3_source_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "controlGroup_03a22b77-28d1-4a04-a2c4-a391cbe39184:optionsListDataView",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml
index 0d4bbf08dfd..7cbf51b3c04 100644
--- a/packages/checkpoint/manifest.yml
+++ b/packages/checkpoint/manifest.yml
@@ -1,6 +1,6 @@
 name: checkpoint
 title: Check Point
-version: "1.16.1"
+version: "1.17.0"
 release: ga
 description: Collect logs from Check Point with Elastic Agent.
 type: integration
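Review bot: The `timeSlider` control in `controlGroupInput.panelsJSON` of the new "[Check Point] Time and Place" dashboard is exported with `timesliceStartAsPercentageOfTimeRange` 0.4252… and `timesliceEndAsPercentageOfTimeRange` 0.8287…, which looks like the author's interactive slice rather than an intended default. If Kibana restores that slice on load (it appears to be part of the control's persisted input), every user opening the dashboard sees only roughly the middle 40% of the selected time range, and firewall events outside the slice are silently missing from the heatmaps, donuts and map — a bad default for a security overview. Reset the slider before exporting so the control's input reads `\"explicitInput\":{\"title\":\"Time slider\",\"id\":\"c2bc8172-2ae5-420d-9c66-b9a14fd9a6ff\",\"enhancements\":{}}` without the two percentage keys. The same check is worth running on the sibling dashboards added in this commit.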
@@ -8,12 +8,29 @@ format_version: 1.0.0
 license: basic
 categories: [security, network, firewall_security]
 conditions:
- kibana.version: "^7.16.0 || ^8.0.0"
+ kibana.version: "^8.6.0"
 icons:
 - src: /img/checkpoint-logo.svg
 title: Check Point
 size: 761x341
 type: image/svg+xml
+screenshots:
+ - src: /img/overview.png
+ title: Check Point - Overview
+ size: 1024x1076
+ type: image/png
+ - src: /img/addresses_and_ports.png
+ title: Check Point - Addresses and Ports
+ size: 1024x1076
+ type: image/png
+ - src: /img/time_and_traffic.png
+ title: Check Point - Time and Traffic
+ size: 1024x798
+ type: image/png
+ - src: /img/time_and_place.png
+ title: Check Point - Time and Place
+ size: 1024x1041
+ type: image/png
 policy_templates:
 - name: checkpoint
 title: Check Point logs
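Review bot: Narrowing `kibana.version` from `"^7.16.0 || ^8.0.0"` to `"^8.6.0"` in `conditions` drops every 7.16 and 8.0–8.5 stack from upgrading to this package version, which is a compatibility change, not only an enhancement. The bump itself looks justified — the new dashboards carry panel `version: "8.6.1"` and use a `timeSlider` control — but it should be stated as such in the package changelog so operators on older Kibana understand why the update is withheld. The `size` values given for the four new screenshots (e.g. `1024x1076`) cannot be checked against the binary PNGs from this diff; please confirm they match the actual image dimensions, since the package validator rejects mismatches.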