
add ® mark as required, expand the introductory verbiage

philhagen committed Oct 9, 2017
1 parent 2cb172c commit f3913baa8706f6e8025d1f3a20ce1b919a8db245
Showing with 116 additions and 104 deletions.
  1. +2 −2 PULLREQUESTS.md
  2. +8 −2 README.md
  3. +15 −14 VM_README.md
  4. +1 −1 configfiles-UNSUPPORTED/6020-custom_wordpress.conf
  5. +1 −1 configfiles-UNSUPPORTED/6021-dovecot.conf
  6. +1 −1 configfiles-UNSUPPORTED/6022-courier.conf
  7. +1 −1 configfiles-UNSUPPORTED/6023-sendmail.conf
  8. +1 −1 configfiles-UNSUPPORTED/6024-xinetd.conf
  9. +1 −1 configfiles-UNSUPPORTED/6025-crond.conf
  10. +1 −1 configfiles-UNSUPPORTED/6026-milter-greylist.conf
  11. +1 −1 configfiles-UNSUPPORTED/6027-spamassassin.conf
  12. +1 −1 configfiles-UNSUPPORTED/6028-fail2ban.conf
  13. +1 −1 configfiles-UNSUPPORTED/6029-sudo.conf
  14. +1 −1 configfiles-UNSUPPORTED/6030-ansible.conf
  15. +1 −1 configfiles-UNSUPPORTED/6031-yum.conf
  16. +1 −1 configfiles-UNSUPPORTED/9450-output-plaso.conf
  17. +1 −1 configfiles/0000-input-beats.conf
  18. +1 −1 configfiles/0004-input-syslog.conf
  19. +1 −1 configfiles/0101-input-passivedns.conf
  20. +1 −1 configfiles/0200-input-netflow.conf
  21. +1 −1 configfiles/0300-input-httpdlog.conf
  22. +1 −1 configfiles/1000-preprocess-all.conf
  23. +1 −1 configfiles/1100-preprocess-syslog.conf
  24. +1 −1 configfiles/2050-netflow_v5.conf
  25. +1 −1 configfiles/6010-snare.conf
  26. +1 −1 configfiles/6011-squidlog.conf
  27. +1 −1 configfiles/6012-dhcpd.conf
  28. +1 −1 configfiles/6013-bindquery.conf
  29. +1 −1 configfiles/6014-passivedns.conf
  30. +1 −1 configfiles/6015-sshd.conf
  31. +1 −1 configfiles/6016-pam.conf
  32. +1 −1 configfiles/6017-iptables.conf
  33. +1 −1 configfiles/6018-cisco_asa.conf
  34. +1 −1 configfiles/6100-httpd.conf
  35. +1 −1 configfiles/8000-postprocess-bro.conf
  36. +1 −1 configfiles/8050-postprocess-ip_addresses.conf
  37. +1 −1 configfiles/8051-postprocess-tcp_ports.conf
  38. +1 −1 configfiles/8100-postprocess-syslog.conf
  39. +1 −1 configfiles/8110-postprocess-httpd.conf
  40. +1 −1 configfiles/9003-output-netflow.conf
  41. +1 −1 configfiles/9031-output-httpdlog.conf
  42. +1 −1 configfiles/9034-output-syslog.conf
  43. +1 −1 configfiles/9999-output-stdout.conf
  44. +1 −1 dashboards/introductory/dashboard/SOF-ELK-VM-Introduction-Dashboard
  45. +2 −2 dashboards/introductory/visualization/SOF-ELK-Logo
  46. +2 −2 dashboards/introductory/visualization/SOF-ELK-VM-Intro
  47. +1 −1 grok-patterns/archive-netflow
  48. +1 −1 grok-patterns/cisco_asa
  49. +1 −1 grok-patterns/for572_custom
  50. +1 −1 supporting-scripts/admin/dump_all_indexes.sh
  51. +1 −1 supporting-scripts/admin/dump_dashboards.sh
  52. +1 −1 supporting-scripts/admin/dump_index_template.sh
  53. +2 −2 supporting-scripts/distro_prep.sh
  54. +2 −2 supporting-scripts/elk_user_login.sh
  55. +1 −1 supporting-scripts/es_plugin_update.sh
  56. +2 −2 supporting-scripts/filebeat_inputs/archive_netflow.yml
  57. +2 −2 supporting-scripts/filebeat_inputs/bro.yml
  58. +2 −2 supporting-scripts/filebeat_inputs/httpdlog.yml
  59. +2 −2 supporting-scripts/filebeat_inputs/passivedns.yml
  60. +2 −2 supporting-scripts/filebeat_inputs/plaso.yml
  61. +2 −2 supporting-scripts/filebeat_inputs/syslog.yml
  62. +2 −2 supporting-scripts/fw_modify.sh
  63. +1 −1 supporting-scripts/geoip_update.sh
  64. +2 −2 supporting-scripts/git-check-pull-needed.sh
  65. +2 −2 supporting-scripts/git-remote-update.sh
  66. +5 −0 supporting-scripts/index_mapping_management.py
  67. +1 −1 supporting-scripts/issueupdate.sh
  68. +1 −1 supporting-scripts/load_all_dashboards.sh
  69. +3 −3 supporting-scripts/nfdump2sof-elk.sh
  70. +1 −1 supporting-scripts/post_merge.sh
  71. +3 −3 supporting-scripts/sof-elk_clear.py
  72. +1 −1 supporting-scripts/sof-elk_update.sh
  73. +1 −1 supporting-scripts/yum-post-transaction_sof-elk.actions
@@ -10,11 +10,11 @@ The code in this repository is used in a number of different environments, so th
1. Do not modify the following stock dashboards, except for bug-level edits. New dashboards will be considered, but as the codebase is designed to address a
broad community, highly customized dashboards may not be accepted into master.
* HTTPD Log Dashboard
* SOF-ELK VM Introduction Dashboard
* SOF-ELK® VM Introduction Dashboard
* NetFlow Dashboard
* Syslog Dashboard
1. Any custom parsers must be created in the /configfiles-UNSUPPORTED/ subdirectory. Any that are suitable for universal deployment will be moved to the /con
figfiles/ subdirectory by the SOF-ELK team.
figfiles/ subdirectory by the SOF-ELK® team.
1. All IP addresses pulled via grok must be in a field with a name formatted as such: <directionality>_ip or <use_case>_ip
* Examples: source_ip, destination_ip, relay_ip, answer_ip
1. All IP addresses must be enriched with the GeoIP location and ASN filters (see existing files for examples)
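Review bot: the retitled entry in the protected-dashboard list (`SOF-ELK® VM Introduction Dashboard`) needs to match the saved dashboard's title exactly, because contributors use this list to identify which dashboards they may not edit; the dashboard JSON under dashboards/introductory/dashboard/ is retitled to the same string in this commit, so the two agree. The `SOF-ELK® team` wording change in the next item is purely cosmetic and carries no such coupling.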
@@ -1,9 +1,15 @@
sof-elk
#SOF-ELK® Confuguration Files#
=======
![alt tag](https://raw.githubusercontent.com/philhagen/sof-elk/master/lib/sof-elk_logo_sm.png)
This repository contains the configuration and support files for the SANS FOR572 SOF-ELK VM Appliance. More details about the pre-packaged VM are available here: <http://for572.com/sof-elk-readme>.
This repository contains the configuration and support files for the SANS FOR572 SOF-ELK® VM Appliance.
SOF-ELK® is a “big data analytics” platform focused on the typical needs of computer forensic investigators/analysts and information security operations personnel. The platform is a customized build of the open source ELK stack, consisting of the Elasticsearch storage and search engine, Logstash ingest and enrichment system, and the Kibana dashboard frontend. With a significant amount of customization and ongoing development, SOF-ELK® users can avoid the typically long and involved setup process the ELK stack requires. Instead, they can simply download the pre-built and ready-to-use SOF-ELK® virtual appliance that consumes various source data types (numerous log types as well as NetFlow), parsing out the most critical data and visualizing it on several stock dashboards. Advanced users can build visualizations the suit their own investigative or operational requirements, optionally contributing those back to the primary code repository.
The SOF-ELK® platform was initially developed for SANS FOR572, Advanced Network Forensics and Analysis, and is now used in SEC555, SIEM with Tactical Analysis, with additional course integrations being considered. Most importantly, the platform is also distributed as a free and open source resource for the community at large, without a specific course requirement or tie-in required to use it.
More details about the pre-packaged VM are available here: <http://for572.com/sof-elk-readme>.
**Branches:**
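Review bot: the new heading line `#SOF-ELK® Confuguration Files#` has a spelling error ("Confuguration" should be "Configuration") and, with no space after the `#`, is not an ATX heading under GitHub's CommonMark-based renderer; it also lands between the existing `sof-elk` setext heading text and its `=======` underline, so it will be absorbed into that heading rather than replacing it. Suggest dropping the `sof-elk` / `=======` pair and using `# SOF-ELK® Configuration Files`. In the new introductory paragraph, "build visualizations the suit their own investigative or operational requirements" should read "that suit".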
@@ -1,8 +1,8 @@
# SOF-ELK VM Distribution #
#SOF-ELK® VM Distribution#
![alt tag](https://raw.githubusercontent.com/philhagen/sof-elk/master/lib/sof-elk_logo_sm.png)
## Background ##
This page contains details for the SOF-ELK (Security Operations and Forensics Elasticsearch, Logstash, Kibana) VM.
##Background##
This page contains details for the SOF-ELK® (Security Operations and Forensics Elasticsearch, Logstash, Kibana) VM.
The VM is provided as a community resource but is covered in depth in the following course(s):
* [SANS FOR572, Advanced Network Forensics and Analysis](http://for572.com/course)
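Review bot: `#SOF-ELK® VM Distribution#` and `##Background##` drop the space after the `#` markers that GitHub's CommonMark-based renderer requires for an ATX heading, so both lines will render as plain paragraph text instead of headings; the same change is applied to every heading in this file's later hunks (General Information, Latest Distribution Vitals, How to Use, Changelog, Ingesting Archived NetFlow, Sample Data, Credits, Administrative Notifications). Suggest keeping the original spacing, e.g. `# SOF-ELK® VM Distribution #` and `## Background ##`.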
@@ -11,7 +11,7 @@ The latest version of the VM itself is available here: <http://for572.com/sof-el
All parsers and dashboards for this VM are now maintained in this Github repository. You can access them directly via <http://for572.com/sof-elk-git>
## General Information ##
##General Information##
* The VM was created with VMware Fusion v8.1.1 and ships with virtual hardware v10.
* If you're using an older version of VMware Workstation/Fusion/Player, you will likely need to convert the VM back to a previous version of the hardware.
* Some VMware software provides this function via the GUI, or you may find the [free "VMware vCenter Converter" tool](http://www.vmware.com/products/converter) helpful.
@@ -29,7 +29,7 @@ All parsers and dashboards for this VM are now maintained in this Github reposit
* NOTICE: Remember that syslog DOES NOT reflect the year of a log entry! Therefore, Logstash has been configured to look for a year value in the path to a file. For example: ```/logstash/syslog/2015/var/log/messages``` will assign all entries from that file to the year 2015. If no year is present, the current year will be assumed. This is enabled only for the "/logstash/syslog/" directory.
* Commands to be familiar with:
* ```/usr/local/sbin/sof-elk_clear.py```: DESTROY contents of the Elasticsearch database. Most frequently used with an index name base (e.g. ```sof-elk_clear.py -i logstash``` will delete all data from the Elasticsearch ```logstash-*``` indexes. Other options detailed with the ```-h``` flag.
* ```/usr/local/sbin/sof-elk_update.sh```: Update the SOF-ELK configuration files from the Github repository. (Requires sudo.)
* ```/usr/local/sbin/sof-elk_update.sh```: Update the SOF-ELK® configuration files from the Github repository. (Requires sudo.)
* Files to be familiar with:
* ```/etc/logstash/conf.d/*.conf```: Symlinks to github-based FOR572-specific configs that address several common log formats:
* syslog
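Review bot: the unchanged `sof-elk_clear.py` bullet directly above the edited `sof-elk_update.sh` line opens a parenthesis at "(e.g. ```sof-elk_clear.py -i logstash``` will delete all data from the Elasticsearch ```logstash-*``` indexes." that is never closed; since this list is being touched, suggest closing it after "indexes".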
@@ -43,7 +43,7 @@ All parsers and dashboards for this VM are now maintained in this Github reposit
* Live NetFlow v5 and archived NetFlow records
* ```/usr/local/sof-elk/*```: Clone of Github repository (<http://for572.com/sof-elk-git> - master branch)
## Latest Distribution Vitals ##
##Latest Distribution Vitals##
* Basic details on the distribution
* VM is a CentOS 7.3 base with all updates as of 2017-05-18
* Includes Elasticsearch 2.4.5, Logstash 2.4.1, and Kibana 4.5.4
@@ -53,7 +53,7 @@ All parsers and dashboards for this VM are now maintained in this Github reposit
* MD5: ```f151b4fda7741682994f5d45bc67fe19```
* SHA256: ```f20456f8c9b1d78492fb5b4db56f921ab9ae4ef0c4e03005dd6ac266b4d0abda```
## How to Use ##
##How to Use##
* Restore the "Deployment" snapshot
* Boot the VM
* Log into the VM with the ```elk_user``` credentials (see above)
@@ -65,7 +65,7 @@ All parsers and dashboards for this VM are now maintained in this Github reposit
* There are links to several stock dashboards on the left hand side
* Wait for Logstash to parse the input files, load the appropriate dashboard URL, and start interacting with your data
## Changelog ##
##Changelog##
* Update: 2017-05-18: Another MAJOR update!
* Daily checks for upstream updates in the Github repository, with advisement on login if updates are available
* Added dozens of parser configurations from Justin Henderson, supporting the SANS SEC555 class
@@ -82,7 +82,7 @@ All parsers and dashboards for this VM are now maintained in this Github reposit
* Increased VM's default RAM to 4GB
* Update: 2016-07-08: This is a MAJOR update!
* Complete overhaul of the VM
* Re-branded to SOF-ELK, with awesome logo to boot
* Re-branded to SOF-ELK®, with awesome logo to boot
* Now uses CentOS 7.x as a base OS
* Latest releases of the ELK stack components
* All dashboards re-created to work in Kibana 4
@@ -119,24 +119,25 @@ All parsers and dashboards for this VM are now maintained in this Github reposit
* Cisco ASA events sent via syslog are fully parsed
* Much, much more!
## Ingesting Archived NetFlow ##
##Ingesting Archived NetFlow##
To ingest existing NetFlow evidence, it must be parsed into a specific format. The included nfdump2sof-elk.sh script will take care of this.
* Read from single file: ```nfdump2sof-elk.sh -r /path/to/netflow/nfcapd.201703190000```
* Read recursively from directory: ```nfdump2sof-elk.sh -r /path/to/netflow/```
* Optionally, you can specify the IP address of the exporter that created the flow data: ```nfdump2sof-elk.sh -e 10.3.58.1 -r /path/to/netflow/```
This script prints to STDOUT. Redirect to a file and place into the ```/logstash/nfarch/``` directory for parsing into SOF-ELK.
This script prints to STDOUT. Redirect to a file and place into the ```/logstash/nfarch/``` directory for parsing into SOF-ELK®.
## Sample Data ##
##Sample Data##
Some sample data is available in the ```~elk_user/exercise_source_logs/``` directory. Unzip this to the ```/logstash/syslog/``` directory and check out the syslog dashboard to get a quick feel for the overall process.
## Credits ##
##Credits##
* Derek B: Cisco ASA parsing/debugging and sample data
* Barry A: Sample data and trobuleshooting
* Ryan Johnson: Testing
* Matt Bromiley: Testing
## Administrative Notifications/Disclaimers/Legal/Boring Stuff ##
##Administrative Notifications/Disclaimers/Legal/Boring Stuff##
* This virtual appliance is provided "as is" with no express or implied warranty for accuracy or accessibility. No support for the functionality the VM provides is offered outside of this document.
* This virtual appliance includes GeoLite2 data created by MaxMind, available from <http://www.maxmind.com>
* SOF-ELK® is a registered trademark of Lewes Technology Consulting, LLC. Content is copyrighted by its respective contributors.
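Review bot: the `##Ingesting Archived NetFlow##`, `##Sample Data##`, `##Credits##` and `##Administrative Notifications/Disclaimers/Legal/Boring Stuff##` lines drop the space after `##`, which GitHub's CommonMark-based renderer requires for an ATX heading, so they will render as ordinary text; keep the `## ... ##` form. The unchanged Credits line "Sample data and trobuleshooting" has a typo ("troubleshooting") that could be fixed while this region is being edited.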
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for custom wordpress login messages from a private plugin. You probably don't need this file :)
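Review bot: the ® (U+00AE) in the header comment turns each Logstash pipeline file into a non-ASCII file; as long as Logstash reads the configuration as UTF-8 a comment-only change is harmless, but the files should be saved as UTF-8 without a BOM, and any tool that re-encodes them to Latin-1 would corrupt the character. This identical one-line change is repeated in every configfiles-UNSUPPORTED/ and configfiles/ hunk that follows.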
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Dovecot IMAP/POP3 messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Courier IMAP/POP3 messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Sendmail MTA messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for xinetd messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for cron job scheduler messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for milter-greylist messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for spamassassin messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for fail2ban logwatch/action messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for sudo privilege elevation messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for ansible system configuration messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and yum software package management messages
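Review bot: the unchanged description line in 6031-yum.conf reads "This file contains filters, transforms, and yum software package management messages", omitting the "enrichments for" that the sibling files use; suggest aligning it with the other headers while this comment block is being edited.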
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains outputs to Elasticsearch
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2017 Lewes Technology Consulting, LLC
#
# This file contains the Elastic Beats input
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains inputs for the syslog parsers
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains inputs for the passivedns parser
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains inputs for the NetFlow parsers
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains inputs for the HTTP Access Log parsers
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2017 Lewes Technology Consulting, LLC
#
# This file contains all universal preprocessors
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for basic syslog parsing
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for NetFlow records
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Windows Event Log messages sent via the Snare utility
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Squid log entries
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for DHCP messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for BIND query log messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for PassiveDNS messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for SSH server messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Linux PAM messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for iptables firewall messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for Cisco ASA messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains filters, transforms, and enrichments for HTTPD access log messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2017 Lewes Technology Consulting, LLC
#
# This file handles postprocessing for bro logs
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains transforms and enrichments to be applied in postprocessing
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains transforms and enrichments to be applied in postprocessing
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains final (cleanup) processing for syslog messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2017 Lewes Technology Consulting, LLC
#
# This file contains postprocessing for HTTPD access log messages
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains outputs to Elasticsearch
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains outputs to Elasticsearch
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains outputs to Elasticsearch
@@ -1,4 +1,4 @@
# SOF-ELK Configuration File
# SOF-ELK® Configuration File
# (C)2016 Lewes Technology Consulting, LLC
#
# This file contains output to STDOUT, which is only used for testing purposes. It should generally not be enabled, so everything is commented out.
@@ -1,5 +1,5 @@
{
"title": "SOF-ELK VM Introduction Dashboard",
"title": "SOF-ELK® VM Introduction Dashboard",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Syslog-Collected\",\"panelIndex\":1,\"row\":6,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"NetFlow-Collected\",\"panelIndex\":2,\"row\":6,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"HTTPD-Logs-Collected\",\"panelIndex\":3,\"row\":6,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"NetFlow-Count\",\"panelIndex\":6,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"HTTPD-Log-Count\",\"panelIndex\":7,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Intro\",\"panelIndex\":9,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"NetFlow-Intro\",\"panelIndex\":10,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"HTTPD-Log-Intro\",\"panelIndex\":11,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":4,\"id\":\"SOF-ELK-VM-Intro\",\"panelIndex\":12,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"SANS-DFIR-Logo\",\"panelIndex\":13,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Count\",\"panelIndex\":14,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"id\":\"SOF-ELK-Logo\",\"type\":\"visualization\",\"panelIndex\":15,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":1}]",
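Review bot: retitling the saved dashboard to `SOF-ELK® VM Introduction Dashboard` changes a user-visible string but not the object's wiring, because `panelsJSON` references visualizations by `id` (`SOF-ELK-VM-Intro`, `SOF-ELK-Logo`, `Syslog-Collected`, ...) and none of those are touched. Confirm that `load_all_dashboards.sh` (also modified in this commit) keys the dashboard on its file name rather than its title; otherwise an existing install could end up with both the old and the new title after `sof-elk_update.sh` runs.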

Large diffs are not rendered by default.


0 comments on commit f3913ba
