From f38519247b2270605107ebdf49c164261ae910ed Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 8 Oct 2020 17:52:02 -0400
Subject: [PATCH] change capture loss to every 5 minutes and default grafana dashboard to 1h
---
 pillar/zeek/init.sls | 3 ++-
 salt/grafana/dashboards/eval/eval.json | 2 +-
 salt/grafana/dashboards/manager/manager.json | 2 +-
 salt/grafana/dashboards/managersearch/managersearch.json | 2 +-
 salt/grafana/dashboards/search_nodes/searchnode.json | 2 +-
 salt/grafana/dashboards/sensor_nodes/sensor.json | 2 +-
 salt/grafana/dashboards/standalone/standalone.json | 2 +-
 7 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
index 10b92bb03..30a59284a 100644
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -52,4 +52,5 @@ zeek:
 - frameworks/signatures/detect-windows-shells
 redef:
 - LogAscii::use_json = T;
- - LogAscii::json_timestamps = JSON::TS_ISO8601;
\ No newline at end of file
+ - LogAscii::json_timestamps = JSON::TS_ISO8601;
+ - CaptureLoss::watch_interval = 5 mins;
\ No newline at end of file
diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json
index 9b7e5616e..3631070d6 100644
--- a/salt/grafana/dashboards/eval/eval.json
+++ b/salt/grafana/dashboards/eval/eval.json
@@ -4591,7 +4591,7 @@
 ]
 },
 "time": {
- "from": "now-15m",
+ "from": "now-1h",
 "to": "now"
 },
 "timepicker": {
diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json
index 81c35cb92..cc004865c 100644
--- a/salt/grafana/dashboards/manager/manager.json
+++ b/salt/grafana/dashboards/manager/manager.json
@@ -4137,7 +4137,7 @@
 ]
 },
 "time": {
- "from": "now-15m",
+ "from": "now-1h",
 "to": "now"
 },
 "timepicker": {
diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json
index 7390be277..f605c875a 100644
--- a/salt/grafana/dashboards/managersearch/managersearch.json
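Review bot: The `CaptureLoss::watch_interval` redef added at the end of the `redef:` list in pillar/zeek/init.sls only resolves if the capture-loss script (`misc/capture-loss`) is loaded, and the load list sits mostly above this hunk, so that should be confirmed; a redef of an identifier from an unloaded script would be expected to stop Zeek at startup and leave the sensor blind. Each capture_loss.log record now covers a 5-minute window instead of Zeek's 15-minute default, so loss percentages on quiet links get noisier and any alerting on them may need its threshold rechecked. A short comment above the entry would record the intent, for example `# capture_loss.log every 5 min (Zeek default: 15 min) for finer sensor-loss visibility`. The file still ends without a trailing newline, which is why this commit had to rewrite the `json_timestamps` line; ending the file with a newline avoids that on the next append.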
+++ b/salt/grafana/dashboards/managersearch/managersearch.json
@@ -4883,7 +4883,7 @@
 ]
 },
 "time": {
- "from": "now-30m",
+ "from": "now-1h",
 "to": "now"
 },
 "timepicker": {
diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json
index f56510955..8677d9f27 100644
--- a/salt/grafana/dashboards/search_nodes/searchnode.json
+++ b/salt/grafana/dashboards/search_nodes/searchnode.json
@@ -3658,7 +3658,7 @@
 ]
 },
 "time": {
- "from": "now-30m",
+ "from": "now-1h",
 "to": "now"
 },
 "timepicker": {
diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json
index 5b134a717..2851a0e41 100644
--- a/salt/grafana/dashboards/sensor_nodes/sensor.json
+++ b/salt/grafana/dashboards/sensor_nodes/sensor.json
@@ -4396,7 +4396,7 @@
 ]
 },
 "time": {
- "from": "now-15m",
+ "from": "now-1h",
 "to": "now"
 },
 "timepicker": {
diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json
index 3551f8f79..996e8555b 100644
--- a/salt/grafana/dashboards/standalone/standalone.json
+++ b/salt/grafana/dashboards/standalone/standalone.json
@@ -6651,7 +6651,7 @@
 ]
 },
 "time": {
- "from": "now-15m",
+ "from": "now-1h",
 "to": "now"
 },
 "timepicker": {