From 35ea084466fbfcea69ef43bb5121dc480982d699 Mon Sep 17 00:00:00 2001
From: Wes
Date: Fri, 30 Jun 2023 16:55:00 +0000
Subject: [PATCH] Update from exported saved objects again
---
salt/kibana/files/saved_objects.ndjson | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson
index f12a9b529..215b584eb 100644
--- a/salt/kibana/files/saved_objects.ndjson
+++ b/salt/kibana/files/saved_objects.ndjson
@@ -354,7 +354,7 @@ {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"690ef880-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688135089819,5159],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyNzYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Weird - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"691ade50-4c85-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688135089819,5161],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyNzcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Alert Level (Pie Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Alert Level (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688135089819,5163],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyNzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Pie)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type (Pie)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator 
Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"6b109430-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688135089819,5165],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyNzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Pie)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type (Pie)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Indicator 
Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T16:40:22.386Z","id":"6b109430-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688143222386,8962],"type":"visualization","updated_at":"2023-06-30T16:40:22.386Z","version":"WzU5ODcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination Port","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Sysmon - Destination 
Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"6b70b840-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688135089819,5167],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyODAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Named 
Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688135089819,5169],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyODEsMV0="} {"attributes":{"columns":["host.hostname","user.name","host.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"authentication\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"authentication\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Authentication 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"7a1fc780-6f07-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688135089819,5172],"type":"search","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQyODIsMV0="} 
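Review bot: The one functional change in this hunk, the saved query of "Security Onion - Intel - Indicator Type (Pie)" going from `event.dataset:intel` to `tags:intel`, is not stated in the commit subject, so it cannot be told apart in the history from the export churn around it (`created_at`, `sort`, `version`, newly serialized default params). The second hunk makes the same filter change for the Indicator, Source and Seen Where visualizations and for the Intel dashboard itself, and "Seen Where" goes from an empty query to `tags:intel`, which narrows what that table counts. I would record the intent in the commit message, for example `Intel dashboard: filter on tags:intel instead of event.dataset:intel`, and confirm that the documents carrying the `intel.*` fields are in fact tagged `intel`, since a mismatch leaves these panels empty without any error. The dashboard's saved-search panel (`8b6f3150-72a2-11ea-8dd2-9d8795a1200b`) is not touched in the visible hunks, so its own query may still use the old filter and is worth checking against the new one.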
@@ -419,10 +419,10 @@ {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688135089819,5322],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Request","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function 
Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688135089819,5324],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"85b1f890-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688135089819,5326],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true,\"showToolbar\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688135089819,5328],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - 
Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.sources.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688135089819,5330],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Seen Where","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Seen Where\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.seen_where.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen 
Where\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688135089819,5332],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDUsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:intel\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},\"panelIndex\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":9,\"i\":\"77e957c4-13ac-480c-b799-0bd39559781b\"},\"panelIndex\":\"77e957c4-13ac-480c-b799-0bd39559781b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\"},\"panelIndex\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":21,\"i\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},\"panelIndex\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":21,\"i\":\"0adce98b-c9e8-469b-8cac-fb4ceb3
5b68a\"},\"panelIndex\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":20,\"y\":9,\"w\":13,\"h\":21,\"i\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},\"panelIndex\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},\"panelIndex\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},\"panelIndex\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\"},\"panelIndex\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"779d2461-4d8a-4254-b380-26650a52a026\"},\"panelIndex\":\"779d2461-4d8a-4254-b380-26650a52a026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - 
Intel","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"85b529a0-0e5a-11eb-a255-e1e8e85e3571","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","name":"panel_5","type":"visualization"},{"id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","name":"panel_6","type":"visualization"},{"id":"6b109430-0e60-11eb-a255-e1e8e85e3571","name":"panel_7","type":"visualization"},{"id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1688135089819,5343],"type":"dashboard","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:intel\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - 
Indicator","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Indicator\",\"excludeIsRegex\":true,\"field\":\"intel.indicator.keyword\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"row\":true,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Security Onion - Intel - Indicator\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T16:39:09.028Z","id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688143149028,8952],"type":"visualization","updated_at":"2023-06-30T16:39:09.028Z","version":"WzU5NTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - 
Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.sources.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T16:40:09.378Z","id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688143209378,8680],"type":"visualization","updated_at":"2023-06-30T16:40:09.378Z","version":"WzU5NzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Seen Where","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Seen 
Where\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.seen_where.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T16:40:39.028Z","id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688143239028,8965],"type":"visualization","updated_at":"2023-06-30T16:40:39.028Z","version":"WzU5OTgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},\"panelIndex\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":9,\"i\":\"77e957c4-13ac-480c-b799-0bd39559781b\"},\"panelIndex\":\"77e957c4-13ac-480c-b799-0bd39559781b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_77e957c4-13ac-480c-b799-0bd39559781b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\"},\"panelIndex\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_722a0294-a47b-4cd1-85c0-37f9933552c5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":21,\"i\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},\"panelIndex\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":21,\"i\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},\"panelIndex\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":13,\"h\":21,\"i\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},\"pa
nelIndex\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},\"panelIndex\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},\"panelIndex\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\"},\"panelIndex\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_79c4ec17-8411-49d8-82af-6921a321dd3b\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"779d2461-4d8a-4254-b380-26650a52a026\"},\"panelIndex\":\"779d2461-4d8a-4254-b380-26650a52a026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_779d2461-4d8a-4254-b380-26650a52a026\"}]","timeRestore":false,"title":"Security Onion - 
Intel","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T16:41:05.808Z","id":"85b529a0-0e5a-11eb-a255-e1e8e85e3571","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a9613b03-8b84-4149-9dfa-5b059c1e0e70:panel_a9613b03-8b84-4149-9dfa-5b059c1e0e70","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"77e957c4-13ac-480c-b799-0bd39559781b:panel_77e957c4-13ac-480c-b799-0bd39559781b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"722a0294-a47b-4cd1-85c0-37f9933552c5:panel_722a0294-a47b-4cd1-85c0-37f9933552c5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a008c6c0-0e76-4dc6-802b-72d68ad0c10d:panel_a008c6c0-0e76-4dc6-802b-72d68ad0c10d","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"0adce98b-c9e8-469b-8cac-fb4ceb35b68a:panel_0adce98b-c9e8-469b-8cac-fb4ceb35b68a","type":"visualization"},{"id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","name":"2b95ef19-525e-4659-8ab3-67cb0e9dc41a:panel_2b95ef19-525e-4659-8ab3-67cb0e9dc41a","type":"visualization"},{"id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","name":"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7:panel_bde38fe7-9aec-4e19-b9fe-035ee6a66ef7","type":"visualization"},{"id":"6b109430-0e60-11eb-a255-e1e8e85e3571","name":"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0:panel_2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0","type":"visualization"},{"id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","name":"79c4ec17-8411-49d8-82af-6921a321dd3b:panel_79c4ec17-8411-49d8-82af-6921a321dd3b","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"779d2461-4d8a-4254-b380-26650a52a026:panel_779d2461-4d8a-4254-b380-26650a52a026","type":"search"}],"sort":[1688143265808,8733],"type":"dashboard","updated_at":"2023-06-30T16:41:05.808Z","version":"WzYwMjMsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688135089819,534
5],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688135089819,5347],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Status (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T14:24:49.819Z","id":"869e3030-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688135089819,5349],"type":"visualization","updated_at":"2023-06-30T14:24:49.819Z","version":"WzQzNDksMV0="}