[
{
"_id": "e77b81f0-827f-11ea-8ff0-c92c0b7a3886",
"_type": "index-pattern",
"_source": {
"title": "cloudtrail*",
"timeFieldName": "eventTime",
"fields": "[{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"account-id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"account-name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"account-name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assumedRoleUser.arn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assumedRoleUser.assumedRoleId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"awsRegion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventSource\",\"type\":\"string\",\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventTime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventVersion\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"locationIP\",\"type\":\"geo_point\",\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipientAccountId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requestID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requestParameters\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"responseElements\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"s3filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"s3filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"s3folderpath\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sharedEventID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVal
ues\":true},{\"name\":\"sourceIPAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"userAgent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"userIdentity.SessionContext.Attributes.mfaAuthenticated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"userIdentity.arn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"userIdentity.invokedBy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"userIdentity.principalId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"userIdentity.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]"
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"index-pattern": "6.5.0"
}
},
{
"_id": "7e814fd0-8280-11ea-8ff0-c92c0b7a3886",
"_type": "dashboard",
"_source": {
"title": "CloudTrail Dashboard",
"hits": 0,
"description": "",
"panelsJSON": "[]",
"optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"LIST ACTIONS\",\"disabled\":true,\"index\":\"7f253c90-81b2-11ea-8146-319072b53af4\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"wildcard\\\":{\\\"eventName\\\":{\\\"boost\\\":1,\\\"rewrite\\\":\\\"constant_score\\\",\\\"value\\\":\\\"List*\\\"}}}\"},\"query\":{\"wildcard\":{\"eventName\":{\"boost\":1,\"rewrite\":\"constant_score\",\"value\":\"List*\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DELETE ACTIONS\",\"disabled\":true,\"index\":\"7f253c90-81b2-11ea-8146-319072b53af4\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"wildcard\\\":{\\\"eventName\\\":{\\\"boost\\\":1,\\\"rewrite\\\":\\\"constant_score\\\",\\\"value\\\":\\\"Delete*\\\"}}}\"},\"query\":{\"wildcard\":{\"eventName\":{\"boost\":1,\"rewrite\":\"constant_score\",\"value\":\"Delete*\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"UPDATE ACTIONS\",\"disabled\":true,\"index\":\"7f253c90-81b2-11ea-8146-319072b53af4\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"wildcard\\\":{\\\"eventName\\\":{\\\"boost\\\":1,\\\"rewrite\\\":\\\"constant_score\\\",\\\"value\\\":\\\"Update*\\\"}}}\"},\"query\":{\"wildcard\":{\"eventName\":{\"boost\":1,\"rewrite\":\"constant_score\",\"value\":\"Update*\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DESCRIBE ACTIONS\",\"disabled\":true,\"index\":\"7f253c90-81b2-11ea-8146-319072b53af4\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"wildcard\\\":{\\\"eventName\\\":{\\\"boost\\\":1,\\\"rewrite\\\":\\\"constant_score\\\",\\\"value\\\":\\\"Describe*\\\"}}}\"},\"query\":{\"wildcard\":{\"eventName\":{\"boost\":1,\"rewrite\":\"constant_score\",\"value\":\"Describe*\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"NORDCLOUD 
ACTIONS\",\"disabled\":true,\"index\":\"7f253c90-81b2-11ea-8146-319072b53af4\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"wildcard\\\":{\\\"userIdentity.arn\\\":{\\\"boost\\\":1,\\\"rewrite\\\":\\\"constant_score\\\",\\\"value\\\":\\\"arn:aws:sts::654454602270:assumed-role/Nordcloud*\\\"}}}\"},\"query\":{\"wildcard\":{\"userIdentity.arn\":{\"boost\":1,\"rewrite\":\"constant_score\",\"value\":\"arn:aws:sts::654454602270:assumed-role/Nordcloud*\"}}}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
}
},
{
"_id": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"_type": "search",
"_source": {
"title": "VPC_FLOW_LOGS_ALL",
"description": "",
"hits": 0,
"columns": [
"end",
"duration",
"account-name",
"interface-id",
"srcaddr",
"dstaddr",
"dstport",
"protocol",
"action",
"log-status",
"bytes"
],
"sort": [
"start",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"ACCEPT\",\"params\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
}
},
{
"_id": "00bc6310-8306-11ea-b609-ff72fee4a40b",
"_type": "search",
"_source": {
"title": "CLOUDTRAIL_LOGS_ALL",
"description": "",
"hits": 0,
"columns": [
"account-name"
],
"sort": [
"eventTime",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"e77b81f0-827f-11ea-8ff0-c92c0b7a3886\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"key\":\"action.keyword\",\"negate\":false,\"params\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"ACCEPT\"},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}}}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
}
},
{
"_id": "a79c6fc0-8349-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_SUM_OF_PACKETS_OK",
"visState": "{\"title\":\"VPC_FLOW_SUM_OF_PACKETS_OK\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Sum of packets\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Sum of packets\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"packets\",\"customLabel\":\"Sum of packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-15T13:05:29.005Z\",\"to\":\"2020-04-15T13:11:20.090Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Starting every hour\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"ACCEPT\",\"params\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "fc971600-834a-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_SUM_OF_BYTES_OK",
"visState": "{\"title\":\"VPC_FLOW_SUM_OF_BYTES_OK\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Sum of bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Sum of bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes\",\"customLabel\":\"Sum of bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-15T13:05:29.005Z\",\"to\":\"2020-04-15T13:11:20.090Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Starting every hour\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"ACCEPT\",\"params\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "1931e710-834e-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_TRAFFIC_AVG_DURATION",
"visState": "{\"title\":\"VPC_FLOW_TRAFFIC_AVG_DURATION\",\"type\":\"heatmap\",\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":6,\"colorSchema\":\"Green to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":true,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\",\"customLabel\":\"Packets Average Duration per Hour\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-14T21:00:00.000Z\",\"to\":\"2020-04-15T20:59:59.999Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"h\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}]}",
"uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0% - 17%\":\"rgb(0,104,55)\",\"17% - 34%\":\"rgb(76,176,93)\",\"34% - 50%\":\"rgb(183,224,117)\",\"50% - 67%\":\"rgb(255,255,190)\",\"67% - 84%\":\"rgb(253,191,111)\",\"84% - 100%\":\"rgb(234,88,57)\"}}}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "294b31c0-8280-11ea-8ff0-c92c0b7a3886",
"_type": "visualization",
"_source": {
"title": "CLOUDTRAIL_IP_MAP",
"visState": "{\"title\":\"CLOUDTRAIL_IP_MAP\",\"type\":\"tile_map\",\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a>|<a href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a>|<a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p> \"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"locationIP\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":4,\"mapCenter\":{\"lon\":46.36230468750001,\"lat\":34.34343606848294},\"mapBounds\":{\"bottom_right\":{\"lat\":7.100892668623654,\"lon\":90.17578125},\"top_left\":{\"lat\":54.97761367069628,\"lon\":2.5488281249999933}},\"precision\":2,\"customLabel\":\"IP Location events\"}}]}",
"uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[37.78808138412046,45.966796875]}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"e77b81f0-827f-11ea-8ff0-c92c0b7a3886\",\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "faac7220-834c-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_PROTOCOL_TYPES",
"visState": "{\"title\":\"VPC_FLOW_PROTOCOL_TYPES\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"packets\",\"customLabel\":\"Total packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Different Protocols\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "a9da89d0-8352-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "HELP_DOCUMENTATION",
"visState": "{\"title\":\"HELP_DOCUMENTATION\",\"type\":\"markdown\",\"params\":{\"fontSize\":15,\"openLinksInNewTab\":false,\"markdown\":\"# AWS-ELK Stack\\n\\n![alt text](https://bayton.org/wp-content/uploads/2016/09/featured-1140x593.png \\\"Logo Title Text 1\\\")\\n\\n# Table of Contents\\n1. [Description](#Description)\\n2. [Kibana](#Kibana)\\n3. [API reference](#API-reference)\\n\\n\\t3.1 [ElasticSearch cURL Commands](#ElasticSearch-cURL-Commands)\\n\\n\\t3.2\\t[DSL Queries](#DSL-Queries)\\n---\\n\\n## Description\\nThe ELK stack is a data analysis orchestration service that runs three different components (Elasticsearch, Logstash & Kibana) to feed in data, process and index it, and finally display it on a frontend client that enables end users to create different visualizations of the data.\\n\\nDifferent use cases for ELK might be:\\n- Consolidate logs from different sources, with the same schema or different ones, and visualize them at a glance for audit purposes.\\n\\n- Identify KPIs to give stakeholders the right tools to make strategic decisions on a daily basis\\n\\n- Apply Machine Learning techniques on custom subsets of data and get insights about possible data issues\\n\\nThis AWS-ELK is just an ELK stack that uses Elasticsearch to consume logs from AWS services like CloudTrail & VPCFlowLogs.\\n\\n---\\n\\n## Kibana\\n\\nBefore using Kibana, an index pattern must be created. The following steps create an index and push some data.\\n\\n#### Initial setup\\n\\n1. Create a temp variable. (Obviously this can be arranged with a permanent CNAME record on the R53 service that points to the ELB DNS)\\n```\\nELK_HOST=$(aws --profile MY-PROFILE cloudformation describe-stacks --stack-name ecs-elk --query Stacks[].Outputs[0].OutputValue | sed -n 2,2p | cut -b 6-71)\\n\\nexport ELK_HOST\\n```\\n\\n2. 
Test the access url for Kibana frontend and Elasticsearch:\\n\\n```\\ncurl -f http://$ELK_HOST\\n```\\n```\\ncurl -f http://$ELK_HOST:9200\\n```\\n\\n3. Create indexes:\\n\\n```\\n# VPCFlowlogs index\\ncurl $ELK_HOST:9200/vpclogs?pretty -H 'Content-Type: application/json' -d'{\\\"mappings\\\": {\\\"doc\\\": {\\\"properties\\\": {\\\"account-id\\\": {\\\"type\\\": \\\"long\\\"},\\\"protocol\\\": {\\\"type\\\": \\\"integer\\\"},\\\"srcaddr\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"dstaddr\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"start\\\": {\\\"type\\\": \\\"date\\\"},\\\"end\\\": {\\\"type\\\": \\\"date\\\"}}}}}' -XPUT\\n\\n# CloudTraillogs index\\ncurl $ELK_HOST:9200/cloudtraillogs?pretty -H 'Content-Type: application/json' -d'{\\\"mappings\\\": {\\\"doc\\\": {\\\"properties\\\": {\\\"eventVersion\\\": {\\\"type\\\": \\\"long\\\"},\\\"userIdentity.type\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"userIdentity.invokedBy\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"userIdentity.principalId\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"userIdentity.arn\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"requestParameters\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"responseElements\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"eventTime\\\": {\\\"type\\\": \\\"date\\\"},\\\"eventSource\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"eventName\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"awsRegion\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"sourceIPAddress\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"userAgent\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"assumedRoleUser.assumedRoleId\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"assumedRoleUser.arn\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"requestID\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"userIdentity.SessionContext.Attributes.mfaAuthenticated\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"locationIP\\\": {\\\"type\\\": \\\"geo_point\\\"},\\\"eventID\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"resources\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"eventType\\\": {\\\"type\\\": 
\\\"keyword\\\"},\\\"recipientAccountId\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"sharedEventID\\\": {\\\"type\\\": \\\"keyword\\\"}}}}}' -XPUT\\n```\\n\\n4. View Kibana Web Application:\\n```\\nopen http://$ELK_HOST\\n```\\n\\n---\\n\\n## API reference\\n\\nAll CRUD actions to create and manipulate data processed in ElasticSearch can be performed either using: \\n\\n* Console on Kibana at \\\"Menu\\\" - \\\"DEV tools\\\"\\n\\n* Implement any RESTful API client, e.g. cURL commands\\n\\n---\\n\\n## ElasticSearch cURL Commands\\nYou can run any command using the following syntax:\\n\\n```\\n$curl <PROTOCOL>://<HOST>:<PORT>/<PATH>/<OPERATION_NAME>?<QUERY_STRING> -d '<BODY>' -X<VERB>\\n```\\n\\n> VERB: This can take values for the request method type: GET, POST, PUT, DELETE, HEAD.\\n\\n> PROTOCOL: This is either http or https.\\n\\n> HOST: This is the hostname of the node in the cluster. For local installations, this can be 'localhost' or '127.0.0.1'.\\n\\n> PORT: This is the port on which the Elasticsearch instance is currently running. The default is 9200.\\n\\n> PATH: This corresponds to the name of the index, type, and ID to be queried, for example: /index/type/id.\\n\\n> OPERATION_NAME: This corresponds to the name of the operation to be performed, for example: _search, _count, and so on.\\n\\n> QUERY_STRING: This is an optional parameter to be specified for query string parameters. 
For example, ?pretty for pretty print of JSON documents.\\n\\n> BODY: This makes a request for body text.\\n\\n#### Create index structure\\n```\\ncurl $ELK_HOST:9200/vpclogs?pretty -H 'Content-Type: application/json' -d'{\\\"mappings\\\": {\\\"doc\\\": {\\\"properties\\\": {\\\"account-id\\\": {\\\"type\\\": \\\"long\\\"},\\\"protocol\\\": {\\\"type\\\": \\\"integer\\\"},\\\"srcaddr\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"dstaddr\\\": {\\\"type\\\": \\\"keyword\\\"},\\\"start\\\": {\\\"type\\\": \\\"date\\\"},\\\"end\\\": {\\\"type\\\": \\\"date\\\"}}}}}' -XPUT\\n```\\n\\n#### Create Index pattern (Kibana)\\n```\\ncurl $ELK_HOS:5601/api/saved_objects/index-pattern/my-pattern -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '{\\\"attributes\\\": {\\\"title\\\": \\\"cloud*\\\",\\\"timeFieldName\\\":\\\"eventTime\\\"}}' -XPOST\\n```\\n\\n#### Bulk import the data to the right index\\n```\\ncurl -H 'Content-Type: application/x-ndjson' $ELK_HOST:9200/vpclogs/doc/_bulk?pretty --data-binary @tmpfile.json -XPOST\\n```\\n\\n#### Check All available indexes:\\n```\\ncurl http://$ELK_HOST:9200/_cat/indices?v -XGET\\n```\\n\\n#### List all nodes in a cluster:\\n```\\ncurl http://$ELK_HOST:9200/_cat/nodes?v -XGET\\n```\\n\\n#### Check health of the cluster:\\n```\\ncurl http://$ELK_HOST:9200/_cluster/health?pretty=true -XGET\\n```\\n\\n#### Check specific health level of the cluster:\\n```\\ncurl http://$ELK_HOST:9200/_cluster/health?level=cluster&pretty=true -XGET\\ncurl http://$ELK_HOST:9200/_cluster/health?level=shards&pretty=true -XGET\\ncurl http://$ELK_HOST:9200/_cluster/health?level=indices&pretty=true -XGET\\n```\\n\\n#### Create index\\n```\\ncurl $ELK_HOST:9200/<index_name>?pretty -XPUT\\n```\\n\\n#### Get items\\n```\\ncurl $ELK_HOST:9200/<index_name>/<index_type>/<item_id>?pretty -XGET\\n```\\n\\n#### Delete document\\n```\\ncurl $ELK_HOST:9200/<index_name>/<index_type>/<item_id>?pretty -XDELETE\\n```\\n\\n#### Delete All\\n```\\ncurl 
$ELK_HOST:9200/vpclogs/_delete_by_query?pretty -H 'Content-Type: application/json' -d'{\\\"query\\\":{\\\"match_all\\\":{}}}' -XPOST\\n```\\n\\n```\\ncurl $ELK_HOST:9200/cloudtraillogs/_delete_by_query?pretty -H 'Content-Type: application/json' -d'{\\\"query\\\":{\\\"match_all\\\":{}}}' -XPOST\\n```\\n\\n#### Get current ID\\n\\n```\\ncurl $ELK_HOST:9200/vpclogs/_search?pretty -H 'Content-Type: application/json' -d '{\\\"stored_fields\\\": [\\\"_id\\\"],\\\"query\\\": {\\\"match_all\\\": {}},\\\"sort\\\": {\\\"_id\\\": \\\"desc\\\"},\\\"size\\\": 1}' -XGET\\n\\ncurl $ELK_HOST:9200/vpclogs/_search?pretty -H 'Content-Type: application/json' -d '{\\\"stored_fields\\\": [\\\"_id\\\"],\\\"query\\\": {\\\"match_all\\\": {}},\\\"sort\\\": {\\\"_id\\\": \\\"asc\\\"},\\\"size\\\": 1}' -XGET\\n```\\n\\n---\\n\\n## DSL Queries\\n\\nThe syntax reference can be found in following link:\\n\\nhttps://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html\\n\\n#### Create index\\n```\\nPUT /vpclogs\\n{\\n \\\"mappings\\\": {\\n \\\"doc\\\": {\\n \\\"properties\\\": {\\n \\\"account-id\\\": {\\\"type\\\": \\\"long\\\"},\\n \\\"protocol\\\": {\\\"type\\\": \\\"integer\\\"},\\n \\\"srcaddr\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"dstaddr\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"start\\\": {\\\"type\\\": \\\"date\\\"},\\n \\\"end\\\": {\\\"type\\\": \\\"date\\\"}\\n }\\n }\\n }\\n}\\n```\\n\\n```\\nPUT /cloudtraillogs\\n{\\n \\\"mappings\\\": {\\n \\\"doc\\\": {\\n \\\"properties\\\": {\\n \\\"eventVersion\\\": {\\\"type\\\": \\\"long\\\"},\\n \\\"userIdentity.type\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"userIdentity.invokedBy\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"eventTime\\\": {\\\"type\\\": \\\"date\\\"},\\n \\\"eventSource\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"eventName\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"awsRegion\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"sourceIPAddress\\\": {\\\"type\\\": \\\"keyword\\\"},\\n 
\\\"userAgent\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"requestParameters.roleArn\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"requestParameters.roleSessionName\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"requestParameters.externalId\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"requestParameters.durationSeconds\\\": {\\\"type\\\": \\\"long\\\"},\\n \\\"responseElements.credentials.accessKeyId\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"responseElements.credentials.expiration\\\": {\\\"type\\\": \\\"date\\\"},\\n \\\"responseElements.credentials.sessionToken\\\": {\\\"type\\\": \\\"text\\\"},\\n \\\"assumedRoleUser.assumedRoleId\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"assumedRoleUser.arn\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"requestID\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"eventID\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"resources\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"eventType\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"recipientAccountId\\\": {\\\"type\\\": \\\"keyword\\\"},\\n \\\"sharedEventID\\\": {\\\"type\\\": \\\"keyword\\\"}\\n }\\n }\\n }\\n}\\n```\\n\\n#### Get data values\\n```\\nGET /vpclogs/_search?pretty\\n{\\n \\\"query\\\": {\\n \\\"bool\\\" : {\\n \\\"must\\\" : {\\n \\\"range\\\": {\\n \\\"start\\\": {\\n \\\"gte\\\": \\\"2020-03-22\\\",\\n \\\"lt\\\": \\\"2020-03-24\\\"\\n }\\n }\\n },\\n \\\"filter\\\": {\\n \\\"term\\\" : { \\\"account-id\\\" : \\\"007385363882\\\" }\\n }\\n }\\n }\\n}\\n```\\n\\n#### Delete by query\\n```\\nPOST /vpclogs/_delete_by_query?pretty\\n{\\n \\\"query\\\": {\\n \\\"match\\\": {\\n \\\"account-id\\\": \\\"007385363882\\\"\\n }\\n }\\n}\\n```\\n\\n```\\nPOST /vpclogs/_delete_by_query?pretty\\n{\\n \\\"query\\\": {\\n \\\"bool\\\" : {\\n \\\"must\\\" : {\\n \\\"range\\\": {\\n \\\"start\\\": {\\n \\\"gte\\\": \\\"2020-03-22\\\",\\n \\\"lt\\\": \\\"2020-03-24\\\"\\n }\\n }\\n },\\n \\\"filter\\\": {\\n \\\"term\\\" : { \\\"account-id\\\" : \\\"007385363882\\\" }\\n }\\n }\\n 
}\\n}\\n```\\n\\n---\"},\"aggs\":[]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "25b372b0-8349-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_SUM_OF_BYTES",
"visState": "{\"title\":\"VPC_FLOW_SUM_OF_BYTES\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Sum of bytes\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Sum of bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes\",\"customLabel\":\"Sum of bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-14T21:00:00.000Z\",\"to\":\"2020-04-17T20:59:59.999Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Starting every hour\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"type\":\"phrases\",\"key\":\"action.keyword\",\"value\":\"ACCEPT, REJECT\",\"params\":[\"ACCEPT\",\"REJECT\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"action.keyword\":\"ACCEPT\"}},{\"match_phrase\":{\"action.keyword\":\"REJECT\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "5ac08450-8350-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_REJECTION_INDEX",
"visState": "{\"title\":\"VPC_FLOW_LOGS_REJECTION_INDEX\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":20000},{\"from\":20000,\"to\":75000},{\"from\":75000,\"to\":100000}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"packets\",\"customLabel\":\"Rejection packets threshold\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"packets\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
"uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 20\":\"rgb(0,104,55)\",\"20 - 75\":\"rgb(255,255,190)\",\"75 - 100\":\"rgb(165,0,38)\"}}}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "c11ee4a0-8349-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_SUM_OF_PACKETS_KO",
"visState": "{\"title\":\"VPC_FLOW_SUM_OF_PACKETS_KO\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Sum of packets\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Sum of packets\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"packets\",\"customLabel\":\"Sum of packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-15T13:05:29.005Z\",\"to\":\"2020-04-15T13:11:20.090Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Starting every hour\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "f3d48070-834a-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_SUM_OF_BYTES_KO",
"visState": "{\"title\":\"VPC_FLOW_SUM_OF_BYTES_KO\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Sum of bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Sum of bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes\",\"customLabel\":\"Sum of bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-15T13:05:29.005Z\",\"to\":\"2020-04-15T13:11:20.090Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Starting every hour\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "e57309e0-8352-11ea-b32a-1f34369b25dd",
"_type": "dashboard",
"_source": {
"title": "HELP",
"hits": 0,
"description": "Markdown-formatted document with an introduction to the ELK stack",
"panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":37,\"i\":\"1\"},\"version\":\"6.8.8\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"id\":\"a9da89d0-8352-11ea-b32a-1f34369b25dd\",\"embeddableConfig\":{}}]",
"optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
}
},
"_meta": {
"savedObjectVersion": 2
}
},
{
"_id": "431a26a0-8349-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_SUM_OF_PACKETS",
"visState": "{\"title\":\"VPC_FLOW_SUM_OF_PACKETS\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Sum of packets\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Sum of packets\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"packets\",\"customLabel\":\"Sum of packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"start\",\"timeRange\":{\"from\":\"2020-04-15T13:05:29.005Z\",\"to\":\"2020-04-15T13:11:20.090Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Starting every hour\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "9adbcb50-7cd7-11ea-86da-6f71652bf90c",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"type\":\"phrases\",\"key\":\"action.keyword\",\"value\":\"ACCEPT, REJECT\",\"params\":[\"ACCEPT\",\"REJECT\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"action.keyword\":\"ACCEPT\"}},{\"match_phrase\":{\"action.keyword\":\"REJECT\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "0b272e50-839e-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_FROM_IP",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_FROM_IP\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Total occurrences\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Total occurrences\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total occurrences\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"srcaddr\",\"size\":19,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Others\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From IP\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"FROM_LOCAL\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\",\"negate\":false},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "87b52ad0-839e-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_TO_IP",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_TO_IP\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Total occurrences\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Total occurrences\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total occurrences\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dstaddr\",\"size\":19,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Others\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"To IP\"}}]}",
"uiStateJSON": "{}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"TO_LOCAL\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "044b79d0-83a1-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_BETWEEN_LOCAL",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_BETWEEN_LOCAL\",\"type\":\"table\",\"params\":{\"perPage\":30,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"srcaddr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\",\"row\":false}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"TO\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"FROM\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "abf8b270-83a0-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_FROM_LOCAL",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_FROM_LOCAL\",\"type\":\"table\",\"params\":{\"perPage\":30,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"srcaddr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\",\"row\":false}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"FROM\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\",\"negate\":false},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "dbabd920-83a0-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_TO_LOCAL",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_TO_LOCAL\",\"type\":\"table\",\"params\":{\"perPage\":30,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"srcaddr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\",\"row\":false}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"TO\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"_type": "search",
"_source": {
"title": "VPC_FLOW_LOGS_FROM_ACCOUNT_HOSTS",
"description": "",
"hits": 0,
"columns": [
"end",
"duration",
"account-name",
"interface-id",
"srcaddr",
"srcport",
"dstaddr",
"dstport",
"protocol",
"action",
"log-status",
"bytes"
],
"sort": [
"start",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"key\":\"action.keyword\",\"negate\":true,\"params\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"ACCEPT\"},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"ACCEPT\",\"type\":\"phrase\"}}}},{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":true,\"alias\":\"FROM_LOCAL_INSTANCES\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":true,\"alias\":\"TO_LOCAL_INSTANCES\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\",\"negate\":false},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
}
},
{
"_id": "2aabe370-83a2-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total rejections\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"srcaddr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FROM\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":true,\"alias\":\"TO\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":true,\"alias\":\"FROM\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":\"NOT ALLOWED TRAFFIC\",\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "c8a83970-83a2-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED_OUTGOING",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED_OUTGOING\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total rejections\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"srcaddr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FROM\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":true,\"alias\":\"TO\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"FROM\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":\"NOT ALLOWED TRAFFIC\",\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "ede9e210-83a2-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED_INCOMING",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED_INCOMING\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total rejections\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FROM\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "Rejected flows (action.keyword = REJECT) whose dstaddr matches 10.176.*; the srcaddr 10.176.* filter is present but disabled, so internal-to-internal rejects appear here as well as in the INTERNAL table. Columns are srcaddr, srcport (not dstport) and dstaddr. The 10.176.* prefix is hard-coded for one VPC CIDR and must be adjusted when importing into another environment.",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"TO\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":true,\"alias\":\"FROM\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":\"NOT ALLOWED TRAFFIC\",\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "0a370fb0-83a3-11ea-b9b6-b16f484bd208",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED_INTERNAL",
"visState": "{\"title\":\"VPC_FLOW_LOGS_TRAFFIC_BREAKDOWN_NOT_ALLOWED_INTERNAL\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total rejections\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FROM\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcport\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PORT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstaddr\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TO\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "Rejected flows (action.keyword = REJECT) where both srcaddr and dstaddr match 10.176.*, i.e. traffic rejected between hosts inside the VPC. Columns are srcaddr, srcport (not dstport) and dstaddr. The 10.176.* prefix is hard-coded for one VPC CIDR and must be adjusted when importing into another environment.",
"savedSearchId": "8a42b7b0-8397-11ea-b9b6-b16f484bd208",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"query\":{\"wildcard\":{\"dstaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"TO\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"dstaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"wildcard\":{\"srcaddr\":{\"value\":\"10.176.*\",\"rewrite\":\"constant_score\",\"boost\":1}}},\"meta\":{\"negate\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"disabled\":false,\"alias\":\"FROM\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"wildcard\\\":{\\\"srcaddr\\\":{\\\"value\\\":\\\"10.176.*\\\",\\\"rewrite\\\":\\\"constant_score\\\",\\\"boost\\\":1}}}\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"negate\":false,\"disabled\":false,\"alias\":\"NOT ALLOWED TRAFFIC\",\"type\":\"phrase\",\"key\":\"action.keyword\",\"value\":\"REJECT\",\"params\":{\"query\":\"REJECT\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"action.keyword\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "15d3e7a0-8351-11ea-b32a-1f34369b25dd",
"_type": "visualization",
"_source": {
"title": "VPC_FLOW_LOGS_ACCOUNT_NAME_SELECTOR",
"visState": "{\"title\":\"VPC_FLOW_LOGS_ACCOUNT_NAME_SELECTOR\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1587419436090\",\"indexPattern\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"fieldName\":\"account-name.keyword\",\"parent\":\"\",\"label\":\"AWS Account\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"}},{\"id\":\"1587453983575\",\"indexPattern\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"fieldName\":\"srcaddr\",\"parent\":\"\",\"label\":\"FROM IP\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"}},{\"id\":\"1587454017136\",\"indexPattern\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"fieldName\":\"dstaddr\",\"parent\":\"\",\"label\":\"TO IP\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"}},{\"id\":\"1587420961229\",\"indexPattern\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"fieldName\":\"action.keyword\",\"parent\":\"\",\"label\":\"Packet response (Accepted/Rejected)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"}},{\"id\":\"1587455468970\",\"indexPattern\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"fieldName\":\"srcport\",\"parent\":\"\",\"label\":\"Port\",\"type\":\"range\",\"options\":{\"decimalPlaces\":0,\"step\":1}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}",
"uiStateJSON": "{}",
"description": "Dashboard input controls: AWS Account (account-name.keyword), FROM IP (srcaddr), TO IP (dstaddr), Packet response (action.keyword, single select) and a Port range that applies to srcport, not dstport. updateFiltersOnChange is true, so each selection is applied immediately as an appState filter.",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"visualization": "6.7.2"
}
},
{
"_id": "a8178df0-7ccc-11ea-86da-6f71652bf90c",
"_type": "dashboard",
"_source": {
"title": "VPC Flow Dashboard",
"hits": 0,
"description": "VPC flow-log overview: traffic and packet totals, rejected-traffic breakdowns and input controls. The export carries a saved appState filter dstaddr = 10.176.25.78 (set through the TO IP control), so after import the dashboard shows only traffic to that single host until the filter is cleared; that address is environment-specific and should not be kept in a shared export.",
"panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Sum of bytes\":\"#0A50A1\"},\"legendOpen\":false}},\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":15,\"i\":\"1\"},\"id\":\"25b372b0-8349-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Sum of bytes\":\"#0A50A1\",\"Sum of packets\":\"#0A50A1\"},\"legendOpen\":false}},\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":15,\"i\":\"2\"},\"id\":\"431a26a0-8349-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Sum of bytes\":\"#629E51\"},\"legendOpen\":false}},\"gridData\":{\"x\":0,\"y\":23,\"w\":24,\"h\":15,\"i\":\"3\"},\"id\":\"fc971600-834a-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Sum of packets\":\"#629E51\"},\"legendOpen\":false}},\"gridData\":{\"x\":24,\"y\":23,\"w\":24,\"h\":15,\"i\":\"4\"},\"id\":\"a79c6fc0-8349-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Sum of bytes\":\"#BF1B00\"},\"legendOpen\":false}},\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":15,\"i\":\"5\"},\"id\":\"f3d48070-834a-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Sum of bytes\":\"#BF1B00\",\"Sum of 
packets\":\"#BF1B00\"},\"legendOpen\":false}},\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"6\"},\"id\":\"c11ee4a0-8349-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":53,\"w\":48,\"h\":14,\"i\":\"7\"},\"id\":\"1931e710-834e-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":67,\"w\":24,\"h\":15,\"i\":\"8\"},\"id\":\"faac7220-834c-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 20\":\"rgb(0,104,55)\",\"20 - 75\":\"rgb(255,255,190)\",\"75 - 100\":\"rgb(165,0,38)\"},\"legendOpen\":false}},\"gridData\":{\"x\":0,\"y\":67,\"w\":24,\"h\":15,\"i\":\"9\"},\"id\":\"5ac08450-8350-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":8,\"i\":\"10\"},\"id\":\"15d3e7a0-8351-11ea-b32a-1f34369b25dd\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":43,\"i\":\"11\"},\"id\":\"044b79d0-83a1-11ea-b9b6-b16f484bd208\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":135,\"w\":48,\"h\":29,\"i\":\"12\"},\"id\":\"ede9e210-83a2-11ea-b9b6-b16f484bd208\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":125,\"w\":24,\"h\":10,\"i\":\"13\"},\"id\":\"c8a83970-83a2-11ea-b9b6-b16f484bd208\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.8.8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":125,\"w\":24,\"h\":10,\"i\":\"14\"},\"id\":\"0a370fb0-83a3-11ea-b9b6-b16f484bd208\",\"panelIndex\":\"14\",\"type\":\"visuali
zation\",\"version\":\"6.8.8\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"controlledBy\":\"1587454017136\",\"disabled\":false,\"index\":\"1db4f0c0-7d04-11ea-875b-cbc44fad8e30\",\"key\":\"dstaddr\",\"negate\":false,\"params\":{\"query\":\"10.176.25.78\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"10.176.25.78\"},\"query\":{\"match\":{\"dstaddr\":{\"query\":\"10.176.25.78\",\"type\":\"phrase\"}}}}]}"
}
},
"_meta": {
"savedObjectVersion": 2
}
},
{
"_id": "1db4f0c0-7d04-11ea-875b-cbc44fad8e30",
"_type": "index-pattern",
"_source": {
"title": "vpc*",
"timeFieldName": "start",
"fields": "[{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"account-id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"account-name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"account-name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bytes\",\"type\":\"number\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dstaddr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dstport\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":1,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":true,\"readFromDocValues\":true},{\"name\":\"end\",\"type\":\"date\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface-id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface-id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log-status\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log-status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"number\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"s3filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"s3filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"s3folderpath\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"srcaddr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"srcport\",\"type\":\"number\",\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"start\",\"type\":\"date\",\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
"fieldFormatMap": "{\"bytes\":{\"id\":\"bytes\"},\"end\":{\"id\":\"date\"},\"start\":{\"id\":\"date\"},\"duration\":{\"id\":\"duration\"},\"account-id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"dstaddr\":{\"id\":\"string\"},\"srcaddr\":{\"id\":\"string\"},\"dstport\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"srcport\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}"
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"index-pattern": "6.5.0"
}
}
]